mirror of
https://github.com/wavestone-cdt/EDRSandblast.git
synced 2026-06-11 01:41:20 +00:00
v1.0 of the pypdb parser: completely removed the radare2 dependency
This commit is contained in:
Maxime Meignan
+183
-137
@@ -1,15 +1,17 @@
|
|||||||
import argparse
|
import argparse
|
||||||
import csv
|
import csv
|
||||||
import os
|
import os
|
||||||
import sys
|
|
||||||
|
|
||||||
from requests import get
|
from requests import get
|
||||||
from gzip import decompress
|
from gzip import decompress
|
||||||
from json import loads
|
from json import loads
|
||||||
import subprocess
|
|
||||||
|
|
||||||
from concurrent.futures import ThreadPoolExecutor, as_completed
|
from concurrent.futures import ThreadPoolExecutor, as_completed
|
||||||
import threading
|
import threading
|
||||||
|
|
||||||
|
from lightpdbparser import Pdb
|
||||||
|
|
||||||
|
|
||||||
THREADS_LIMIT = None
|
THREADS_LIMIT = None
|
||||||
CSVLock = threading.Lock()
|
CSVLock = threading.Lock()
|
||||||
|
|
||||||
@@ -17,6 +19,7 @@ machineType = dict(x86=332, x64=34404)
|
|||||||
knownImageVersions = dict(ntoskrnl=list(), wdigest=list(), ci=list())
|
knownImageVersions = dict(ntoskrnl=list(), wdigest=list(), ci=list())
|
||||||
extensions_by_mode = dict(ntoskrnl="exe", wdigest="dll", ci="dll")
|
extensions_by_mode = dict(ntoskrnl="exe", wdigest="dll", ci="dll")
|
||||||
|
|
||||||
|
|
||||||
def find(key, value):
|
def find(key, value):
|
||||||
for k, v in value.items():
|
for k, v in value.items():
|
||||||
if k == key:
|
if k == key:
|
||||||
@@ -25,54 +28,49 @@ def find(key, value):
|
|||||||
return find(key, v)
|
return find(key, v)
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
def printl(s, lock, **kwargs):
|
def printl(s, lock, **kwargs):
|
||||||
with lock:
|
with lock:
|
||||||
print(s, **kwargs)
|
print(s, **kwargs)
|
||||||
|
|
||||||
def run(args, **kargs):
|
|
||||||
"""Wrap subprocess.run to works on Windows and Linux"""
|
|
||||||
# Windows needs shell to be True, to locate binary automatically
|
|
||||||
# On Linux, shell needs to be False to manage lists in args
|
|
||||||
shell = sys.platform in ["win32"]
|
|
||||||
return subprocess.run(args, shell=shell, **kargs)
|
|
||||||
|
|
||||||
def downloadSpecificFile(entry, pe_basename, pe_ext, knownPEVersions, output_folder, lock):
|
def downloadSpecificFile(entry, pe_basename, pe_ext, knownPEVersions, output_folder, lock):
|
||||||
pe_name = f'{pe_basename}.{pe_ext}'
|
pe_name = f"{pe_basename}.{pe_ext}"
|
||||||
|
|
||||||
if 'fileInfo' not in entry:
|
if "fileInfo" not in entry:
|
||||||
# printl(f'[!] Entry {pe_hash} has no fileInfo, skipping it.', lock)
|
# printl(f'[!] Entry {pe_hash} has no fileInfo, skipping it.', lock)
|
||||||
return "SKIP"
|
return "SKIP"
|
||||||
if 'timestamp' not in entry['fileInfo']:
|
if "timestamp" not in entry["fileInfo"]:
|
||||||
# printl(f'[!] Entry has no timestamp, skipping it.', lock)
|
# printl(f'[!] Entry has no timestamp, skipping it.', lock)
|
||||||
return "SKIP"
|
return "SKIP"
|
||||||
timestamp = entry['fileInfo']['timestamp']
|
timestamp = entry["fileInfo"]["timestamp"]
|
||||||
if 'virtualSize' not in entry['fileInfo']:
|
if "virtualSize" not in entry["fileInfo"]:
|
||||||
# printl(f'[!] Entry has no virtualSize, skipping it.', lock)
|
# printl(f'[!] Entry has no virtualSize, skipping it.', lock)
|
||||||
return "SKIP"
|
return "SKIP"
|
||||||
if "machineType" not in entry["fileInfo"] or entry["fileInfo"]["machineType"] != machineType["x64"]:
|
if "machineType" not in entry["fileInfo"] or entry["fileInfo"]["machineType"] != machineType["x64"]:
|
||||||
# printl('No machine Type', lock)
|
# printl('No machine Type', lock)
|
||||||
return "SKIP"
|
return "SKIP"
|
||||||
virtual_size = entry['fileInfo']['virtualSize']
|
virtual_size = entry["fileInfo"]["virtualSize"]
|
||||||
file_id = hex(timestamp).replace('0x','').zfill(8).upper() + hex(virtual_size).replace('0x','')
|
file_id = hex(timestamp).replace("0x", "").zfill(8).upper() + hex(virtual_size).replace("0x", "")
|
||||||
url = 'https://msdl.microsoft.com/download/symbols/' + pe_name + '/' + file_id + '/' + pe_name
|
url = "https://msdl.microsoft.com/download/symbols/" + pe_name + "/" + file_id + "/" + pe_name
|
||||||
try:
|
try:
|
||||||
version = entry['fileInfo']['version'].split(' ')[0]
|
version = entry["fileInfo"]["version"].split(" ")[0]
|
||||||
except:
|
except:
|
||||||
version = find('version', entry).split(' ')[0]
|
version = find("version", entry).split(" ")[0]
|
||||||
if version and version.count(".") != 3:
|
if version and version.count(".") != 3:
|
||||||
version = None
|
version = None
|
||||||
|
|
||||||
if not version:
|
if not version:
|
||||||
printl(f'[*] Error parsing version', lock)
|
printl(f"[*] Error parsing version", lock)
|
||||||
return "SKIP"
|
return "SKIP"
|
||||||
|
|
||||||
# Output file format: <PE>_build-revision.<exe | dll>
|
# Output file format: <PE>_build-revision.<exe | dll>
|
||||||
output_version = '-'.join(version.split('.')[-2:])
|
output_version = "-".join(version.split(".")[-2:])
|
||||||
output_file = f'{pe_basename}_{output_version}.{pe_ext}'
|
output_file = f"{pe_basename}_{output_version}.{pe_ext}"
|
||||||
|
|
||||||
# If the PE version is already known, skip download.
|
# If the PE version is already known, skip download.
|
||||||
if output_file in knownPEVersions:
|
if output_file in knownPEVersions:
|
||||||
printl(f'[*] Skipping download of known {pe_name} version: {output_file}', lock)
|
printl(f"[*] Skipping download of known {pe_name} version: {output_file}", lock)
|
||||||
return "SKIP"
|
return "SKIP"
|
||||||
|
|
||||||
output_file_path = os.path.join(output_folder, output_file)
|
output_file_path = os.path.join(output_folder, output_file)
|
||||||
@@ -83,35 +81,52 @@ def downloadSpecificFile(entry, pe_basename, pe_ext, knownPEVersions, output_fol
|
|||||||
# printl(f'[*] Downloading {pe_name} version {version}... ', lock)
|
# printl(f'[*] Downloading {pe_name} version {version}... ', lock)
|
||||||
try:
|
try:
|
||||||
peContent = get(url)
|
peContent = get(url)
|
||||||
with open(output_file_path, 'wb') as f:
|
with open(output_file_path, "wb") as f:
|
||||||
f.write(peContent.content)
|
f.write(peContent.content)
|
||||||
printl(f'[+] Finished download of {pe_name} version {version} (file: {output_file})!', lock)
|
printl(
|
||||||
|
f"[+] Finished download of {pe_name} version {version} (file: {output_file})!",
|
||||||
|
lock,
|
||||||
|
)
|
||||||
return "OK"
|
return "OK"
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
printl(f'[!] ERROR : Could not download {pe_name} version {version} (URL: {url}): {str(e)}.', lock)
|
printl(
|
||||||
|
f"[!] ERROR : Could not download {pe_name} version {version} (URL: {url}): {str(e)}.",
|
||||||
|
lock,
|
||||||
|
)
|
||||||
return "KO"
|
return "KO"
|
||||||
|
|
||||||
|
|
||||||
def downloadPEFileFromMS(pe_basename, pe_ext, knownPEVersions, output_folder):
|
def downloadPEFileFromMS(pe_basename, pe_ext, knownPEVersions, output_folder):
|
||||||
pe_name = f'{pe_basename}.{pe_ext}'
|
pe_name = f"{pe_basename}.{pe_ext}"
|
||||||
|
|
||||||
print (f'[*] Downloading {pe_name} files!')
|
print(f"[*] Downloading {pe_name} files!")
|
||||||
|
|
||||||
pe_json_gz = get(f'https://winbindex.m417z.com/data/by_filename_compressed/{pe_name}.json.gz').content
|
pe_json_gz = get(f"https://winbindex.m417z.com/data/by_filename_compressed/{pe_name}.json.gz").content
|
||||||
pe_json = decompress(pe_json_gz)
|
pe_json = decompress(pe_json_gz)
|
||||||
pe_list = loads(pe_json)
|
pe_list = loads(pe_json)
|
||||||
|
|
||||||
futures = dict()
|
|
||||||
i = 0
|
i = 0
|
||||||
futures = set()
|
futures = set()
|
||||||
lock = threading.Lock()
|
lock = threading.Lock()
|
||||||
with ThreadPoolExecutor(max_workers=THREADS_LIMIT) as executor:
|
with ThreadPoolExecutor(max_workers=THREADS_LIMIT) as executor:
|
||||||
for pe_hash in pe_list:
|
for pe_hash in pe_list:
|
||||||
entry = pe_list[pe_hash]
|
entry = pe_list[pe_hash]
|
||||||
futures.add(executor.submit(downloadSpecificFile, entry, pe_basename, pe_ext, knownPEVersions, output_folder, lock))
|
futures.add(
|
||||||
|
executor.submit(
|
||||||
|
downloadSpecificFile,
|
||||||
|
entry,
|
||||||
|
pe_basename,
|
||||||
|
pe_ext,
|
||||||
|
knownPEVersions,
|
||||||
|
output_folder,
|
||||||
|
lock,
|
||||||
|
)
|
||||||
|
)
|
||||||
for future in as_completed(futures):
|
for future in as_completed(futures):
|
||||||
printl(f"{i + 1}/{len(pe_list)}", lock, end="\r")
|
printl(f"{i + 1}/{len(pe_list)}", lock, end="\r")
|
||||||
i += 1
|
i += 1
|
||||||
|
|
||||||
|
|
||||||
def get_symbol_offset(symbols_info, symbol_name):
|
def get_symbol_offset(symbols_info, symbol_name):
|
||||||
for line in symbols_info:
|
for line in symbols_info:
|
||||||
# sometimes, a "_" is prepended to the symbol name ...
|
# sometimes, a "_" is prepended to the symbol name ...
|
||||||
@@ -120,6 +135,7 @@ def get_symbol_offset(symbols_info, symbol_name):
|
|||||||
else:
|
else:
|
||||||
return 0
|
return 0
|
||||||
|
|
||||||
|
|
||||||
def get_field_offset(symbols_info, field_name):
|
def get_field_offset(symbols_info, field_name):
|
||||||
for line in symbols_info:
|
for line in symbols_info:
|
||||||
if field_name in line:
|
if field_name in line:
|
||||||
@@ -129,51 +145,74 @@ def get_field_offset(symbols_info, field_name):
|
|||||||
else:
|
else:
|
||||||
return 0
|
return 0
|
||||||
|
|
||||||
from pefile import PE, DIRECTORY_ENTRY
|
|
||||||
|
from pefile import PE, DIRECTORY_ENTRY, PEFormatError
|
||||||
|
|
||||||
|
|
||||||
def get_file_version(path):
|
def get_file_version(path):
|
||||||
pe = PE(path,fast_load=True)
|
pe = PE(path, fast_load=True)
|
||||||
pe.parse_data_directories(directories=[DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_RESOURCE']])
|
pe.parse_data_directories(directories=[DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_RESOURCE"]])
|
||||||
if not 'VS_FIXEDFILEINFO' in pe.__dict__ or not pe.VS_FIXEDFILEINFO:
|
if not "VS_FIXEDFILEINFO" in pe.__dict__ or not pe.VS_FIXEDFILEINFO:
|
||||||
raise RuntimeError("Version info not found in {pename}")
|
raise RuntimeError("Version info not found in {pename}")
|
||||||
verinfo = pe.VS_FIXEDFILEINFO[0]
|
verinfo = pe.VS_FIXEDFILEINFO[0]
|
||||||
filever = (verinfo.FileVersionMS >> 16, verinfo.FileVersionMS & 0xFFFF, verinfo.FileVersionLS >> 16, verinfo.FileVersionLS & 0xFFFF)
|
filever = (
|
||||||
|
verinfo.FileVersionMS >> 16,
|
||||||
|
verinfo.FileVersionMS & 0xFFFF,
|
||||||
|
verinfo.FileVersionLS >> 16,
|
||||||
|
verinfo.FileVersionLS & 0xFFFF,
|
||||||
|
)
|
||||||
return filever
|
return filever
|
||||||
|
|
||||||
|
|
||||||
# Takes a path to a PE file as argument, download the associated PDB
|
# Takes a path to a PE file as argument, download the associated PDB
|
||||||
# Return True if it succeeded of if the PDB was already present
|
# Return the path of the existing PDB if any, and the content of the PDB in memory
|
||||||
def get_pdb(pe_path, verbose=False):
|
# use keep_ondisk=False not to store the PDB files on disk
|
||||||
|
def get_pdb(pe: PE, pe_path, keep_ondisk=True, verbose=False):
|
||||||
pdb_file_path = pe_path.rsplit(".", maxsplit=1)[0] + ".pdb"
|
pdb_file_path = pe_path.rsplit(".", maxsplit=1)[0] + ".pdb"
|
||||||
if not os.path.isfile(pdb_file_path):
|
if not os.path.isfile(pdb_file_path):
|
||||||
if verbose: print(f"[*] Downloading missing {pdb_file_path}")
|
if verbose:
|
||||||
pe = PE(pe_path, fast_load=True)
|
print(f"[*] Downloading missing {pdb_file_path}")
|
||||||
pe.parse_data_directories(directories=[DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_DEBUG']])
|
pe.parse_data_directories(directories=[DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_DEBUG"]])
|
||||||
guid_string = f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data1:08X}" + \
|
guid_string = (
|
||||||
f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data2:04X}" + \
|
f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data1:08X}"
|
||||||
f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data3:04X}" + \
|
+ f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data2:04X}"
|
||||||
f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data4:02X}" + \
|
+ f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data3:04X}"
|
||||||
f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data5:02X}" + \
|
+ f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data4:02X}"
|
||||||
pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data6.hex().upper()
|
+ f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data5:02X}"
|
||||||
|
+ pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data6.hex().upper()
|
||||||
|
)
|
||||||
age_string = f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Age:X}"
|
age_string = f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Age:X}"
|
||||||
pdb_filename = pe.DIRECTORY_ENTRY_DEBUG[0].entry.PdbFileName.decode().replace("\x00","")
|
pdb_filename = pe.DIRECTORY_ENTRY_DEBUG[0].entry.PdbFileName.decode().replace("\x00", "")
|
||||||
pdb_url = f'https://msdl.microsoft.com/download/symbols/{pdb_filename}/{guid_string}{age_string}/{pdb_filename}'
|
pdb_url = f"https://msdl.microsoft.com/download/symbols/{pdb_filename}/{guid_string}{age_string}/{pdb_filename}"
|
||||||
try:
|
try:
|
||||||
pdbContent = get(pdb_url)
|
pdbContent = get(pdb_url)
|
||||||
assert len(pdbContent.content) > 0
|
if len(pdbContent.content) == 0:
|
||||||
with open(pdb_file_path, 'wb') as f:
|
raise ValueError("Downloaded PDB is empty")
|
||||||
f.write(pdbContent.content)
|
if keep_ondisk:
|
||||||
if verbose: print(f'[+] Finished download PDB of {pe_path} version (file: {pdb_file_path})!')
|
with open(pdb_file_path, "wb") as f:
|
||||||
|
f.write(pdbContent.content)
|
||||||
|
if verbose:
|
||||||
|
print(f"[+] Finished download PDB of {pe_path} version (file: {pdb_file_path})!")
|
||||||
|
return pdb_file_path, pdbContent.content
|
||||||
|
if not keep_ondisk:
|
||||||
|
return None, pdbContent.content
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print(f'[!] ERROR : Could not download PDB of {pe_path} (URL: {pdb_url}): {str(e)}.')
|
print(f"[!] ERROR : Could not download PDB of {pe_path} (URL: {pdb_url}): {str(e)}.")
|
||||||
return False
|
return None, None
|
||||||
return True
|
elif os.path.isfile(pdb_file_path):
|
||||||
|
# todo: check the PDB and PE GUID are identical
|
||||||
|
return pdb_file_path, None
|
||||||
|
|
||||||
|
|
||||||
def extractOffsets(input_file, output_file, mode):
|
def extractOffsets(input_file, output_file, mode):
|
||||||
if os.path.isfile(input_file):
|
if os.path.isfile(input_file):
|
||||||
try:
|
try:
|
||||||
# check image type (ntoskrnl, wdigest, etc.)
|
# check image type (ntoskrnl, wdigest, etc.)
|
||||||
pe = PE(input_file,fast_load=True)
|
pe = PE(input_file, fast_load=True)
|
||||||
pe.parse_data_directories(directories=[DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_EXPORT']])
|
export_directory_entry = pe.OPTIONAL_HEADER.DATA_DIRECTORY[DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_EXPORT"]]
|
||||||
name = pe.DIRECTORY_ENTRY_EXPORT.name.decode().lower()
|
export_directory_rva = export_directory_entry.VirtualAddress
|
||||||
|
image_name_rva = pe.get_dword_at_rva(export_directory_rva + 3 * 4)
|
||||||
|
name = pe.get_string_at_rva(image_name_rva).decode().lower()
|
||||||
if "ntoskrnl.exe" in name:
|
if "ntoskrnl.exe" in name:
|
||||||
imageType = "ntoskrnl"
|
imageType = "ntoskrnl"
|
||||||
elif "wdigest.dll" in name:
|
elif "wdigest.dll" in name:
|
||||||
@@ -184,7 +223,7 @@ def extractOffsets(input_file, output_file, mode):
|
|||||||
print(f"[*] File {input_file} unrecognized")
|
print(f"[*] File {input_file} unrecognized")
|
||||||
return
|
return
|
||||||
|
|
||||||
#todo : remove this and make a unique function
|
# todo : remove this and make a unique function
|
||||||
if mode != imageType:
|
if mode != imageType:
|
||||||
print(f"[*] Skipping {input_file} since we are in {mode} mode")
|
print(f"[*] Skipping {input_file} since we are in {mode} mode")
|
||||||
return
|
return
|
||||||
@@ -194,90 +233,97 @@ def extractOffsets(input_file, output_file, mode):
|
|||||||
|
|
||||||
# Checks if the image version is already present in the CSV
|
# Checks if the image version is already present in the CSV
|
||||||
extension = extensions_by_mode[imageType]
|
extension = extensions_by_mode[imageType]
|
||||||
imageVersion = f'{imageType}_{full_version[2]}-{full_version[3]}.{extension}'
|
imageVersion = f"{imageType}_{full_version[2]}-{full_version[3]}.{extension}"
|
||||||
|
|
||||||
if imageVersion in knownImageVersions[imageType]:
|
if imageVersion in knownImageVersions[imageType]:
|
||||||
print(f'[*] Skipping known {imageType} version {imageVersion} (file: {input_file})')
|
print(f"[*] Skipping known {imageType} version {imageVersion} (file: {input_file})")
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
||||||
# print(f'[*] Processing {imageType} version {imageVersion} (file: {input_file})')
|
# print(f'[*] Processing {imageType} version {imageVersion} (file: {input_file})')
|
||||||
# download the PDB if needed
|
# download the PDB if needed
|
||||||
get_pdb(input_file)
|
pdb_path, pdb_content = get_pdb(pe, input_file, verbose=True)
|
||||||
# dump all symbols
|
# dump all symbols
|
||||||
r = run(["r2", "-c", "idpi", "-qq", '-B', '0', input_file], capture_output=True)
|
pdb = Pdb(path=pdb_path, content=pdb_content)
|
||||||
all_symbols_info = [line.strip() for line in r.stdout.decode().splitlines()]
|
|
||||||
|
|
||||||
if imageType == "ntoskrnl":
|
if imageType == "ntoskrnl":
|
||||||
symbols = [("PspCreateProcessNotifyRoutine",get_symbol_offset),
|
symbols = [
|
||||||
("PspCreateThreadNotifyRoutine",get_symbol_offset),
|
("PspCreateProcessNotifyRoutine", pdb.get_symbol_offset),
|
||||||
("PspLoadImageNotifyRoutine", get_symbol_offset),
|
("PspCreateThreadNotifyRoutine", pdb.get_symbol_offset),
|
||||||
('_PS_PROTECTION Protection', get_field_offset),
|
("PspLoadImageNotifyRoutine", pdb.get_symbol_offset),
|
||||||
("EtwThreatIntProvRegHandle", get_symbol_offset),
|
("_EPROCESS", "Protection", pdb.get_field_offset),
|
||||||
('_ETW_GUID_ENTRY* GuidEntry', get_field_offset),
|
("EtwThreatIntProvRegHandle", pdb.get_symbol_offset),
|
||||||
('_TRACE_ENABLE_INFO ProviderEnableInfo', get_field_offset),
|
("_ETW_REG_ENTRY", "GuidEntry", pdb.get_field_offset),
|
||||||
("PsProcessType", get_symbol_offset),
|
("_ETW_GUID_ENTRY", "ProviderEnableInfo", pdb.get_field_offset),
|
||||||
("PsThreadType", get_symbol_offset),
|
("PsProcessType", pdb.get_symbol_offset),
|
||||||
('struct _LIST_ENTRY CallbackList', get_field_offset)]
|
("PsThreadType", pdb.get_symbol_offset),
|
||||||
|
("_OBJECT_TYPE", "CallbackList", pdb.get_field_offset),
|
||||||
|
]
|
||||||
elif imageType == "wdigest":
|
elif imageType == "wdigest":
|
||||||
symbols = [
|
symbols = [
|
||||||
("g_fParameter_UseLogonCredential",get_symbol_offset),
|
("g_fParameter_UseLogonCredential", pdb.get_symbol_offset),
|
||||||
("g_IsCredGuardEnabled",get_symbol_offset)
|
("g_IsCredGuardEnabled", pdb.get_symbol_offset),
|
||||||
]
|
]
|
||||||
elif imageType == "ci":
|
elif imageType == "ci":
|
||||||
symbols = [
|
symbols = [
|
||||||
("g_CiOptions",get_symbol_offset),
|
("g_CiOptions", pdb.get_symbol_offset),
|
||||||
]
|
]
|
||||||
|
else:
|
||||||
|
raise ValueError(f"Incorrect image type {imageType}")
|
||||||
|
|
||||||
symbols_values = list()
|
symbols_values = list()
|
||||||
for symbol_name, get_offset in symbols:
|
for *symbol_name, get_offset in symbols:
|
||||||
symbol_value = get_offset(all_symbols_info, symbol_name)
|
symbol_value = get_offset(*symbol_name)
|
||||||
|
if symbol_value is None:
|
||||||
|
symbol_value = 0
|
||||||
symbols_values.append(symbol_value)
|
symbols_values.append(symbol_value)
|
||||||
#print(f"[+] {symbol_name} = {hex(symbol_value)}")
|
# print(f"[+] {symbol_name} = {hex(symbol_value)}")
|
||||||
|
|
||||||
with CSVLock:
|
with CSVLock:
|
||||||
with open(output_file, 'a') as output:
|
with open(output_file, "a") as output:
|
||||||
output.write(f'{imageVersion},{",".join(hex(val).replace("0x","") for val in symbols_values)}\n')
|
output.write(f'{imageVersion},{",".join(hex(val).replace("0x","") for val in symbols_values)}\n')
|
||||||
|
|
||||||
#print("wrote into CSV !")
|
# print("wrote into CSV !")
|
||||||
|
del pdb
|
||||||
knownImageVersions[imageType].append(imageVersion)
|
knownImageVersions[imageType].append(imageVersion)
|
||||||
|
print(f"[+] Finished processing of {imageType} {input_file}!")
|
||||||
|
|
||||||
print(f'[+] Finished processing of {imageType} {input_file}!')
|
except PEFormatError as e:
|
||||||
|
# file is not a PE
|
||||||
|
if not input_file.endswith(".pdb"):
|
||||||
|
print(f"[!] ERROR : Could not process file {input_file}: not a valid PE")
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print(f'[!] ERROR : Could not process file {input_file}.')
|
print(f"[!] ERROR : Could not process file {input_file}.")
|
||||||
print(f'[!] Error message: {e}')
|
print(f"[!] Error message: {e}")
|
||||||
#print(f'[!] If error is of the like of "\'NoneType\' object has no attribute \'group\'", kernel callbacks may not be supported by this version.')
|
raise e
|
||||||
|
|
||||||
elif os.path.isdir(input_file):
|
elif os.path.isdir(input_file):
|
||||||
print(f'[*] Processing folder: {input_file}')
|
print(f"[*] Processing folder: {input_file}")
|
||||||
with ThreadPoolExecutor(max_workers=THREADS_LIMIT) as extractorPool:
|
with ThreadPoolExecutor(max_workers=THREADS_LIMIT) as extractorPool:
|
||||||
args = [(os.path.join(input_file, file), output_file, mode) for file in os.listdir(input_file)]
|
args = [(os.path.join(input_file, file), output_file, mode) for file in os.listdir(input_file)]
|
||||||
for (i, res) in enumerate(extractorPool.map(extractOffsets, *zip(*args))):
|
for i, res in enumerate(extractorPool.map(extractOffsets, *zip(*args))):
|
||||||
print(f"{i + 1}/{len(args)}", end="\r")
|
print(f"{i + 1}/{len(args)}", end="\r")
|
||||||
print(f'[+] Finished processing of folder {input_file}!')
|
print(f"[+] Finished processing of folder {input_file}!")
|
||||||
|
|
||||||
else:
|
else:
|
||||||
print(f'[!] ERROR : The specified input {input_file} is neither a file nor a directory.')
|
print(f"[!] ERROR : The specified input {input_file} is neither a file nor a directory.")
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def loadOffsetsFromCSV(loadedVersions, CSVPath):
|
def loadOffsetsFromCSV(loadedVersions, CSVPath):
|
||||||
print(f'[*] Loading the known known PE versions from "{CSVPath}".')
|
print(f'[*] Loading the known known PE versions from "{CSVPath}".')
|
||||||
|
|
||||||
with open(CSVPath, "r") as csvFile:
|
with open(CSVPath, "r") as csvFile:
|
||||||
csvReader = csv.reader(csvFile, delimiter=',')
|
csvReader = csv.reader(csvFile, delimiter=",")
|
||||||
next(csvReader)
|
next(csvReader)
|
||||||
for peLine in csvReader:
|
for peLine in csvReader:
|
||||||
loadedVersions.append(peLine[0])
|
loadedVersions.append(peLine[0])
|
||||||
|
|
||||||
|
|
||||||
def sortOutputFile(csvFile):
|
def sortOutputFile(csvFile):
|
||||||
def lineKey(line):
|
def lineKey(line):
|
||||||
major = int(line.split("_")[1].split("-")[0])
|
major = int(line.split("_")[1].split("-")[0])
|
||||||
minor = int(line.split("-")[1].split(".")[0])
|
minor = int(line.split("-")[1].split(".")[0])
|
||||||
return (major, minor)
|
return (major, minor)
|
||||||
|
|
||||||
with open(csvFile) as f:
|
with open(csvFile) as f:
|
||||||
header_line = f.readline()
|
header_line = f.readline()
|
||||||
content = f.readlines()
|
content = f.readlines()
|
||||||
@@ -285,16 +331,34 @@ def sortOutputFile(csvFile):
|
|||||||
f.write(header_line)
|
f.write(header_line)
|
||||||
f.writelines(sorted(set(content), key=lineKey))
|
f.writelines(sorted(set(content), key=lineKey))
|
||||||
|
|
||||||
if __name__ == '__main__':
|
|
||||||
|
if __name__ == "__main__":
|
||||||
parser = argparse.ArgumentParser()
|
parser = argparse.ArgumentParser()
|
||||||
|
|
||||||
parser.add_argument('mode', help='"ntoskrnl", "wdigest" or "ci". Mode to download and extract offsets from either ntoskrnl.exe, wdigest.dll or ci.dll')
|
parser.add_argument(
|
||||||
parser.add_argument('-i', '--input', dest='input', required=True,
|
"mode",
|
||||||
help='Single file or directory containing ntoskrnl.exe / wdigest.dll / ci.dll to extract offsets from. If in download mode, the PE downloaded from MS symbols servers will be placed in this folder.')
|
help='"ntoskrnl", "wdigest" or "ci". Mode to download and extract offsets from either ntoskrnl.exe, wdigest.dll or ci.dll',
|
||||||
parser.add_argument('-o', '--output', dest='output',
|
)
|
||||||
help='CSV file to write offsets to. If the specified file already exists, only new ntoskrnl versions will be downloaded / analyzed. Defaults to NtoskrnlOffsets.csv / WdigestOffsets.csv / CiOffsets.csv in the current folder.')
|
parser.add_argument(
|
||||||
parser.add_argument('-d', '--download', dest='download', action='store_true',
|
"-i",
|
||||||
help='Flag to download the PE from Microsoft servers using list of versions from winbindex.m417z.com.')
|
"--input",
|
||||||
|
dest="input",
|
||||||
|
required=True,
|
||||||
|
help="Single file or directory containing ntoskrnl.exe / wdigest.dll / ci.dll to extract offsets from. If in download mode, the PE downloaded from MS symbols servers will be placed in this folder.",
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"-o",
|
||||||
|
"--output",
|
||||||
|
dest="output",
|
||||||
|
help="CSV file to write offsets to. If the specified file already exists, only new ntoskrnl versions will be downloaded / analyzed. Defaults to NtoskrnlOffsets.csv / WdigestOffsets.csv / CiOffsets.csv in the current folder.",
|
||||||
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"-d",
|
||||||
|
"--download",
|
||||||
|
dest="download",
|
||||||
|
action="store_true",
|
||||||
|
help="Flag to download the PE from Microsoft servers using list of versions from winbindex.m417z.com.",
|
||||||
|
)
|
||||||
|
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
mode = args.mode.lower()
|
mode = args.mode.lower()
|
||||||
@@ -302,59 +366,41 @@ if __name__ == '__main__':
|
|||||||
print(f'[!] ERROR : unsupported mode "{args.mode}", supported mode are: "ntoskrnl", "wdigest" and "ci"')
|
print(f'[!] ERROR : unsupported mode "{args.mode}", supported mode are: "ntoskrnl", "wdigest" and "ci"')
|
||||||
exit(1)
|
exit(1)
|
||||||
|
|
||||||
# check R2 version
|
|
||||||
r = run(["r2", "-V"], capture_output=True)
|
|
||||||
if r.returncode != 0:
|
|
||||||
print(f"Error: the following error message was printed while running 'r2 -V':")
|
|
||||||
print(r.stderr)
|
|
||||||
exit(r.returncode)
|
|
||||||
output = r.stdout.decode()
|
|
||||||
"""
|
|
||||||
can be:
|
|
||||||
* a series of lines like "5.5.0 r2\n5.5.0 r_lib\n[...]"
|
|
||||||
* a simple tag "5.8.2-158-gca9763f20d"
|
|
||||||
"""
|
|
||||||
ma,me,mi = map(int, output.splitlines()[0].split(" ")[0].split("-")[0].split("."))
|
|
||||||
if (ma, me, mi) < (5, 0, 0):
|
|
||||||
print("WARNING : This script has been tested with radare2 5.0.0 (works) and 4.3.1 (does NOT work)")
|
|
||||||
print(f"You have version {ma}.{me}.{mi}, if is does not work correctly, meaning most of the offsets are not found (i.e. 0), check radare2's 'idpi' command output and modify get_symbol_offset() & get_field_offset() to parse symbols correctly")
|
|
||||||
input("Press enter to continue")
|
|
||||||
if sys.platform in ["linux"]:
|
|
||||||
# check that cabextract is insalled
|
|
||||||
try:
|
|
||||||
run(["cabextract", "-v"], check=True, capture_output=True)
|
|
||||||
except (subprocess.CalledProcessError, FileNotFoundError):
|
|
||||||
print('[!] ERROR : On Linux systems, radare2 needs cabextract to be installed to work with PDB.')
|
|
||||||
exit(1)
|
|
||||||
|
|
||||||
|
|
||||||
# If the output file exists, load the already analyzed image versions.
|
# If the output file exists, load the already analyzed image versions.
|
||||||
# Otherwise, write CSV headers to the new file.
|
# Otherwise, write CSV headers to the new file.
|
||||||
if not args.output:
|
if not args.output:
|
||||||
args.output = mode.capitalize() + 'Offsets.csv'
|
args.output = mode.capitalize() + "Offsets.csv"
|
||||||
if os.path.isfile(args.output):
|
if os.path.isfile(args.output):
|
||||||
loadOffsetsFromCSV(knownImageVersions[mode], args.output)
|
loadOffsetsFromCSV(knownImageVersions[mode], args.output)
|
||||||
print(f'[+] Loaded {len(knownImageVersions[mode])} known {mode} versions from "{args.output}"')
|
print(f'[+] Loaded {len(knownImageVersions[mode])} known {mode} versions from "{args.output}"')
|
||||||
else:
|
else:
|
||||||
with open(args.output, 'w') as output:
|
with open(args.output, "w") as output:
|
||||||
if mode == "ntoskrnl":
|
if mode == "ntoskrnl":
|
||||||
output.write('ntoskrnlVersion,PspCreateProcessNotifyRoutineOffset,PspCreateThreadNotifyRoutineOffset,PspLoadImageNotifyRoutineOffset,_PS_PROTECTIONOffset,EtwThreatIntProvRegHandleOffset,EtwRegEntry_GuidEntryOffset,EtwGuidEntry_ProviderEnableInfoOffset,PsProcessType,PsThreadType,CallbackList\n')
|
output.write(
|
||||||
|
"ntoskrnlVersion,PspCreateProcessNotifyRoutineOffset,PspCreateThreadNotifyRoutineOffset,PspLoadImageNotifyRoutineOffset,_PS_PROTECTIONOffset,EtwThreatIntProvRegHandleOffset,EtwRegEntry_GuidEntryOffset,EtwGuidEntry_ProviderEnableInfoOffset,PsProcessType,PsThreadType,CallbackList\n"
|
||||||
|
)
|
||||||
elif mode == "wdigest":
|
elif mode == "wdigest":
|
||||||
output.write('wdigestVersion,g_fParameter_UseLogonCredentialOffset,g_IsCredGuardEnabledOffset\n')
|
output.write("wdigestVersion,g_fParameter_UseLogonCredentialOffset,g_IsCredGuardEnabledOffset\n")
|
||||||
elif mode == "ci":
|
elif mode == "ci":
|
||||||
output.write('g_CiOptionsOffset\n')
|
output.write("g_CiOptionsOffset\n")
|
||||||
else:
|
else:
|
||||||
assert False
|
assert False
|
||||||
|
|
||||||
# In download mode, an updated list of image versions published will be retrieved from https://winbindex.m417z.com.
|
# In download mode, an updated list of image versions published will be retrieved from https://winbindex.m417z.com.
|
||||||
# The symbols for each version will be downloaded from the Microsoft symbols servers.
|
# The symbols for each version will be downloaded from the Microsoft symbols servers.
|
||||||
# Only new versions will be downloaded if the specified output file already contains offsets.
|
# Only new versions will be downloaded if the specified output file already contains offsets.
|
||||||
if (args.download):
|
if args.download:
|
||||||
if not os.path.isdir(args.input):
|
if not os.path.isdir(args.input):
|
||||||
print('[!] ERROR : in download mode, -i / --input option must specify a folder')
|
print("[!] ERROR : in download mode, -i / --input option must specify a folder")
|
||||||
exit(1)
|
exit(1)
|
||||||
extension = extensions_by_mode[mode]
|
extension = extensions_by_mode[mode]
|
||||||
downloadPEFileFromMS(mode, extension, knownImageVersions[mode], args.input)
|
downloadPEFileFromMS(mode, extension, knownImageVersions[mode], args.input)
|
||||||
|
|
||||||
# Extract the offsets from the specified file or the folders containing image files.
|
# Extract the offsets from the specified file or the folders containing image files.
|
||||||
|
import time
|
||||||
|
|
||||||
|
s = time.time()
|
||||||
extractOffsets(args.input, args.output, mode)
|
extractOffsets(args.input, args.output, mode)
|
||||||
|
e = time.time()
|
||||||
|
print(e - s)
|
||||||
sortOutputFile(args.output)
|
sortOutputFile(args.output)
|
||||||
|
|||||||
+421
-264
@@ -1,105 +1,131 @@
|
|||||||
ntoskrnlVersion,PspCreateProcessNotifyRoutineOffset,PspCreateThreadNotifyRoutineOffset,PspLoadImageNotifyRoutineOffset,_PS_PROTECTIONOffset,EtwThreatIntProvRegHandleOffset,EtwRegEntry_GuidEntryOffset,EtwGuidEntry_ProviderEnableInfoOffset,PsProcessType,PsThreadType,CallbackList
|
ntoskrnlVersion,PspCreateProcessNotifyRoutineOffset,PspCreateThreadNotifyRoutineOffset,PspLoadImageNotifyRoutineOffset,_PS_PROTECTIONOffset,EtwThreatIntProvRegHandleOffset,EtwRegEntry_GuidEntryOffset,EtwGuidEntry_ProviderEnableInfoOffset,PsProcessType,PsThreadType,CallbackList
|
||||||
ntoskrnl_19041-1889.exe,cec060,cec460,cec260,87a,c19dd8,20,60,cfc410,cfc440,c8
|
ntoskrnl_6003-21251.exe,1a9d00,1a9ae0,1a9a80,0,0,10,50,22c020,22c040,228
|
||||||
ntoskrnl_10240-17609.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8
|
ntoskrnl_7601-25740.exe,21c500,21c2e0,21c0c0,0,0,20,50,29e020,29e050,c0
|
||||||
ntoskrnl_10240-17738.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8
|
ntoskrnl_9600-17031.exe,2e1a40,2e1840,2e1640,67a,0,10,50,354020,354048,c8
|
||||||
ntoskrnl_10240-17394.exe,35d420,35d220,35d020,6aa,0,20,50,3c51e8,3c5200,c8
|
ntoskrnl_9600-19321.exe,2dcb10,2dc910,2dc710,67a,0,20,50,34f030,34f048,c8
|
||||||
|
ntoskrnl_9600-19376.exe,2dbb10,2db910,2db710,67a,0,20,50,34e030,34e048,c8
|
||||||
|
ntoskrnl_9600-19426.exe,2dbb10,2db910,2db710,67a,0,20,50,34e030,34e048,c8
|
||||||
|
ntoskrnl_9600-20111.exe,2dac50,2daa50,2da850,67a,0,20,50,34d030,34d048,c8
|
||||||
|
ntoskrnl_9600-20144.exe,2dac50,2daa50,2da850,67a,0,20,50,34d030,34d048,c8
|
||||||
ntoskrnl_10240-16384.exe,35d2e0,35d0e0,35cee0,6aa,0,20,50,3c51e8,3c5200,c8
|
ntoskrnl_10240-16384.exe,35d2e0,35d0e0,35cee0,6aa,0,20,50,3c51e8,3c5200,c8
|
||||||
ntoskrnl_10240-17643.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8
|
ntoskrnl_10240-17394.exe,35d420,35d220,35d020,6aa,0,20,50,3c51e8,3c5200,c8
|
||||||
ntoskrnl_10240-17446.exe,35c420,35c220,35c020,6aa,0,20,50,3c41e8,3c4200,c8
|
|
||||||
ntoskrnl_10240-17709.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8
|
|
||||||
ntoskrnl_10240-17770.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8
|
|
||||||
ntoskrnl_10240-17533.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8
|
|
||||||
ntoskrnl_10240-17488.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8
|
|
||||||
ntoskrnl_10240-17443.exe,35c420,35c220,35c020,6aa,0,20,50,3c41e8,3c4200,c8
|
ntoskrnl_10240-17443.exe,35c420,35c220,35c020,6aa,0,20,50,3c41e8,3c4200,c8
|
||||||
ntoskrnl_10240-18005.exe,3694e0,3692e0,3690e0,6b2,0,20,50,3d0228,3d0248,c8
|
ntoskrnl_10240-17446.exe,35c420,35c220,35c020,6aa,0,20,50,3c41e8,3c4200,c8
|
||||||
|
ntoskrnl_10240-17488.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8
|
||||||
|
ntoskrnl_10240-17533.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8
|
||||||
|
ntoskrnl_10240-17609.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8
|
||||||
|
ntoskrnl_10240-17643.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8
|
||||||
|
ntoskrnl_10240-17709.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8
|
||||||
|
ntoskrnl_10240-17738.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8
|
||||||
|
ntoskrnl_10240-17741.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8
|
||||||
|
ntoskrnl_10240-17770.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8
|
||||||
ntoskrnl_10240-17797.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8
|
ntoskrnl_10240-17797.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8
|
||||||
ntoskrnl_10240-18063.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
|
||||||
ntoskrnl_10240-17831.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8
|
ntoskrnl_10240-17831.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8
|
||||||
ntoskrnl_10240-17889.exe,3644e0,3642e0,3640e0,6b2,0,20,50,3cc228,3cc248,c8
|
|
||||||
ntoskrnl_10240-17976.exe,3694e0,3692e0,3690e0,6b2,0,20,50,3d0228,3d0248,c8
|
|
||||||
ntoskrnl_10240-17861.exe,3664e0,3662e0,3660e0,6b2,0,20,50,3cd228,3cd240,c8
|
ntoskrnl_10240-17861.exe,3664e0,3662e0,3660e0,6b2,0,20,50,3cd228,3cd240,c8
|
||||||
ntoskrnl_10240-18158.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
ntoskrnl_10240-17889.exe,3644e0,3642e0,3640e0,6b2,0,20,50,3cc228,3cc248,c8
|
||||||
ntoskrnl_10240-18036.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
|
||||||
ntoskrnl_10240-18132.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
|
||||||
ntoskrnl_10240-18094.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
|
||||||
ntoskrnl_10240-17914.exe,3644e0,3642e0,3640e0,6b2,0,20,50,3cc228,3cc248,c8
|
ntoskrnl_10240-17914.exe,3644e0,3642e0,3640e0,6b2,0,20,50,3cc228,3cc248,c8
|
||||||
ntoskrnl_10240-18545.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8
|
ntoskrnl_10240-17976.exe,3694e0,3692e0,3690e0,6b2,0,20,50,3d0228,3d0248,c8
|
||||||
|
ntoskrnl_10240-18005.exe,3694e0,3692e0,3690e0,6b2,0,20,50,3d0228,3d0248,c8
|
||||||
|
ntoskrnl_10240-18036.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
||||||
|
ntoskrnl_10240-18063.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
||||||
|
ntoskrnl_10240-18094.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
||||||
|
ntoskrnl_10240-18132.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
||||||
|
ntoskrnl_10240-18135.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
||||||
|
ntoskrnl_10240-18158.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
||||||
|
ntoskrnl_10240-18187.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
||||||
|
ntoskrnl_10240-18215.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
||||||
ntoskrnl_10240-18275.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
ntoskrnl_10240-18275.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
||||||
ntoskrnl_10240-18303.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
ntoskrnl_10240-18303.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
||||||
ntoskrnl_10240-18452.exe,367520,367320,367120,6b2,0,20,50,3cd228,3cd248,c8
|
ntoskrnl_10240-18333.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8
|
||||||
ntoskrnl_10240-18575.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8
|
|
||||||
ntoskrnl_10240-18427.exe,367520,367320,367120,6b2,0,20,50,3cd228,3cd248,c8
|
ntoskrnl_10240-18427.exe,367520,367320,367120,6b2,0,20,50,3cd228,3cd248,c8
|
||||||
ntoskrnl_10240-18638.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8
|
ntoskrnl_10240-18452.exe,367520,367320,367120,6b2,0,20,50,3cd228,3cd248,c8
|
||||||
ntoskrnl_10240-18608.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8
|
|
||||||
ntoskrnl_10240-18485.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8
|
ntoskrnl_10240-18485.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8
|
||||||
|
ntoskrnl_10240-18545.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8
|
||||||
|
ntoskrnl_10240-18575.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8
|
||||||
|
ntoskrnl_10240-18608.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8
|
||||||
|
ntoskrnl_10240-18609.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8
|
||||||
|
ntoskrnl_10240-18638.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8
|
||||||
ntoskrnl_10240-18666.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8
|
ntoskrnl_10240-18666.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8
|
||||||
ntoskrnl_10240-18725.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8
|
ntoskrnl_10240-18725.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8
|
||||||
ntoskrnl_10240-18756.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8
|
ntoskrnl_10240-18756.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8
|
||||||
ntoskrnl_10240-19119.exe,3664e0,3662e0,3660e0,6b2,0,20,50,3cc228,3cc248,c8
|
|
||||||
ntoskrnl_10240-18906.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8
|
|
||||||
ntoskrnl_10240-18841.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8
|
ntoskrnl_10240-18841.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8
|
||||||
|
ntoskrnl_10240-18906.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8
|
||||||
ntoskrnl_10240-19086.exe,3664e0,3662e0,3660e0,6b2,0,20,50,3cc228,3cc248,c8
|
ntoskrnl_10240-19086.exe,3664e0,3662e0,3660e0,6b2,0,20,50,3cc228,3cc248,c8
|
||||||
|
ntoskrnl_10240-19119.exe,3664e0,3662e0,3660e0,6b2,0,20,50,3cc228,3cc248,c8
|
||||||
ntoskrnl_10240-19145.exe,3664e0,3662e0,3660e0,6b2,0,20,50,3cc228,3cc248,c8
|
ntoskrnl_10240-19145.exe,3664e0,3662e0,3660e0,6b2,0,20,50,3cc228,3cc248,c8
|
||||||
|
ntoskrnl_10240-19204.exe,3664a0,3662a0,3660a0,6b2,0,20,50,3cc228,3cc248,c8
|
||||||
|
ntoskrnl_10240-19235.exe,366520,366320,366120,6b2,0,20,50,3cc228,3cc248,c8
|
||||||
|
ntoskrnl_10240-19325.exe,366520,366320,366120,6b2,0,20,50,3cc228,3cc248,c8
|
||||||
|
ntoskrnl_10240-19567.exe,3694e0,3692e0,3690e0,6b2,0,20,50,3cf228,3cf248,c8
|
||||||
|
ntoskrnl_10240-19869.exe,369520,369320,369120,6b2,0,20,50,3cf230,3cf248,c8
|
||||||
|
ntoskrnl_10240-19983.exe,3695a0,3693a0,3691a0,6b2,0,20,50,3cf230,3cf248,c8
|
||||||
|
ntoskrnl_10240-20048.exe,369520,369320,369120,6b2,0,20,50,3cf230,3cf248,c8
|
||||||
|
ntoskrnl_10240-20107.exe,3695a0,3693a0,3691a0,6b2,0,20,50,3cf228,3cf248,c8
|
||||||
|
ntoskrnl_10240-20161.exe,369560,369360,369160,6b2,0,20,50,3cf228,3cf248,c8
|
||||||
|
ntoskrnl_10240-20232.exe,369560,369360,369160,6b2,0,20,50,3cf228,3cf248,c8
|
||||||
ntoskrnl_10586-0.exe,317180,316f80,316d80,6b2,0,20,50,37f228,37f248,c8
|
ntoskrnl_10586-0.exe,317180,316f80,316d80,6b2,0,20,50,37f228,37f248,c8
|
||||||
|
ntoskrnl_10586-1176.exe,3161c0,315fc0,315dc0,6b2,0,20,50,37e228,37e248,c8
|
||||||
ntoskrnl_10586-1177.exe,3161c0,315fc0,315dc0,6b2,0,20,50,37e228,37e248,c8
|
ntoskrnl_10586-1177.exe,3161c0,315fc0,315dc0,6b2,0,20,50,37e228,37e248,c8
|
||||||
ntoskrnl_10586-1295.exe,3161c0,315fc0,315dc0,6b2,0,20,50,37e228,37e248,c8
|
ntoskrnl_10586-1295.exe,3161c0,315fc0,315dc0,6b2,0,20,50,37e228,37e248,c8
|
||||||
ntoskrnl_10586-1176.exe,3161c0,315fc0,315dc0,6b2,0,20,50,37e228,37e248,c8
|
|
||||||
ntoskrnl_10240-19235.exe,366520,366320,366120,6b2,0,20,50,3cc228,3cc248,c8
|
|
||||||
ntoskrnl_10586-1356.exe,31a2c0,31a0c0,319ec0,6ba,0,20,50,382228,382248,c8
|
ntoskrnl_10586-1356.exe,31a2c0,31a0c0,319ec0,6ba,0,20,50,382228,382248,c8
|
||||||
|
ntoskrnl_10586-1358.exe,31a2c0,31a0c0,319ec0,6ba,0,20,50,382228,382248,c8
|
||||||
ntoskrnl_10586-1417.exe,31a2c0,31a0c0,319ec0,6ba,0,20,50,382228,382248,c8
|
ntoskrnl_10586-1417.exe,31a2c0,31a0c0,319ec0,6ba,0,20,50,382228,382248,c8
|
||||||
ntoskrnl_10586-1478.exe,31a2c0,31a0c0,319ec0,6ba,0,20,50,382228,382248,c8
|
ntoskrnl_10586-1478.exe,31a2c0,31a0c0,319ec0,6ba,0,20,50,382228,382248,c8
|
||||||
ntoskrnl_10586-1540.exe,31a300,31a100,319f00,6ba,0,20,50,382228,382248,c8
|
ntoskrnl_10586-1540.exe,31a300,31a100,319f00,6ba,0,20,50,382228,382248,c8
|
||||||
ntoskrnl_14393-2214.exe,33ea20,33e820,33e620,6ca,0,20,50,3ab210,3ab230,c8
|
|
||||||
ntoskrnl_14393-1198.exe,335860,335660,335460,6c2,0,20,50,3a1210,3a1230,c8
|
|
||||||
ntoskrnl_14393-1670.exe,3348a0,3346a0,3344a0,6c2,0,20,50,3a0210,3a0230,c8
|
|
||||||
ntoskrnl_14393-1770.exe,3348a0,3346a0,3344a0,6c2,0,20,50,3a0210,3a0230,c8
|
|
||||||
ntoskrnl_14393-0.exe,33bba0,33b9a0,33b7a0,6c2,0,20,50,3a8210,3a8230,c8
|
ntoskrnl_14393-0.exe,33bba0,33b9a0,33b7a0,6c2,0,20,50,3a8210,3a8230,c8
|
||||||
|
ntoskrnl_14393-576.exe,33bca0,33baa0,33b8a0,6c2,0,20,50,3a8210,3a8230,c8
|
||||||
|
ntoskrnl_14393-726.exe,335860,335660,335460,6c2,0,20,50,3a1210,3a1230,c8
|
||||||
|
ntoskrnl_14393-953.exe,335860,335660,335460,6c2,0,20,50,3a1210,3a1230,c8
|
||||||
|
ntoskrnl_14393-1198.exe,335860,335660,335460,6c2,0,20,50,3a1210,3a1230,c8
|
||||||
ntoskrnl_14393-1532.exe,3348a0,3346a0,3344a0,6c2,0,20,50,3a0210,3a0230,c8
|
ntoskrnl_14393-1532.exe,3348a0,3346a0,3344a0,6c2,0,20,50,3a0210,3a0230,c8
|
||||||
ntoskrnl_14393-2189.exe,33ea20,33e820,33e620,6ca,0,20,50,3ab210,3ab230,c8
|
ntoskrnl_14393-1670.exe,3348a0,3346a0,3344a0,6c2,0,20,50,3a0210,3a0230,c8
|
||||||
ntoskrnl_14393-2248.exe,33da60,33d860,33d660,6ca,0,20,50,3aa250,3aa270,c8
|
|
||||||
ntoskrnl_14393-1737.exe,3348a0,3346a0,3344a0,6c2,0,20,50,3a0210,3a0230,c8
|
ntoskrnl_14393-1737.exe,3348a0,3346a0,3344a0,6c2,0,20,50,3a0210,3a0230,c8
|
||||||
|
ntoskrnl_14393-1770.exe,3348a0,3346a0,3344a0,6c2,0,20,50,3a0210,3a0230,c8
|
||||||
|
ntoskrnl_14393-2189.exe,33ea20,33e820,33e620,6ca,0,20,50,3ab210,3ab230,c8
|
||||||
|
ntoskrnl_14393-2214.exe,33ea20,33e820,33e620,6ca,0,20,50,3ab210,3ab230,c8
|
||||||
|
ntoskrnl_14393-2248.exe,33da60,33d860,33d660,6ca,0,20,50,3aa250,3aa270,c8
|
||||||
ntoskrnl_14393-2273.exe,33da60,33d860,33d660,6ca,0,20,50,3aa250,3aa270,c8
|
ntoskrnl_14393-2273.exe,33da60,33d860,33d660,6ca,0,20,50,3aa250,3aa270,c8
|
||||||
ntoskrnl_14393-2363.exe,33ca20,33c820,33c620,6ca,0,20,50,3a9250,3a9278,c8
|
|
||||||
ntoskrnl_14393-2312.exe,33ca20,33c820,33c620,6ca,0,20,50,3a9250,3a9278,c8
|
ntoskrnl_14393-2312.exe,33ca20,33c820,33c620,6ca,0,20,50,3a9250,3a9278,c8
|
||||||
|
ntoskrnl_14393-2363.exe,33ca20,33c820,33c620,6ca,0,20,50,3a9250,3a9278,c8
|
||||||
|
ntoskrnl_14393-2395.exe,33bb60,33b960,33b760,6ca,0,20,50,3a8250,3a8278,c8
|
||||||
ntoskrnl_14393-2430.exe,338b60,338960,338760,6ca,0,20,50,3a5250,3a5278,c8
|
ntoskrnl_14393-2430.exe,338b60,338960,338760,6ca,0,20,50,3a5250,3a5278,c8
|
||||||
ntoskrnl_14393-2485.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8
|
ntoskrnl_14393-2485.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8
|
||||||
ntoskrnl_14393-2395.exe,33bb60,33b960,33b760,6ca,0,20,50,3a8250,3a8278,c8
|
|
||||||
ntoskrnl_14393-2580.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8
|
|
||||||
ntoskrnl_14393-2551.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8
|
ntoskrnl_14393-2551.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8
|
||||||
ntoskrnl_14393-2636.exe,338be0,3389e0,3387e0,6ca,0,20,50,3a5250,3a5278,c8
|
ntoskrnl_14393-2580.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8
|
||||||
ntoskrnl_14393-2608.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8
|
ntoskrnl_14393-2608.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8
|
||||||
|
ntoskrnl_14393-2636.exe,338be0,3389e0,3387e0,6ca,0,20,50,3a5250,3a5278,c8
|
||||||
ntoskrnl_14393-2665.exe,338be0,3389e0,3387e0,6ca,0,20,50,3a5250,3a5278,c8
|
ntoskrnl_14393-2665.exe,338be0,3389e0,3387e0,6ca,0,20,50,3a5250,3a5278,c8
|
||||||
ntoskrnl_14393-2724.exe,338be0,3389e0,3387e0,6ca,0,20,50,3a5250,3a5278,c8
|
ntoskrnl_14393-2724.exe,338be0,3389e0,3387e0,6ca,0,20,50,3a5250,3a5278,c8
|
||||||
ntoskrnl_14393-2791.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8
|
ntoskrnl_14393-2791.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8
|
||||||
ntoskrnl_14393-2969.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8
|
|
||||||
ntoskrnl_14393-2906.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8
|
|
||||||
ntoskrnl_14393-2848.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8
|
ntoskrnl_14393-2848.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8
|
||||||
ntoskrnl_14393-3204.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8
|
ntoskrnl_14393-2906.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8
|
||||||
|
ntoskrnl_14393-2969.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8
|
||||||
ntoskrnl_14393-3085.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8
|
ntoskrnl_14393-3085.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8
|
||||||
ntoskrnl_14393-3115.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8
|
ntoskrnl_14393-3115.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8
|
||||||
ntoskrnl_14393-3269.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8
|
|
||||||
ntoskrnl_14393-3143.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8
|
ntoskrnl_14393-3143.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8
|
||||||
|
ntoskrnl_14393-3204.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8
|
||||||
ntoskrnl_14393-3241.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8
|
ntoskrnl_14393-3241.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8
|
||||||
|
ntoskrnl_14393-3269.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8
|
||||||
ntoskrnl_14393-3297.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8
|
ntoskrnl_14393-3297.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8
|
||||||
ntoskrnl_14393-3321.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8
|
ntoskrnl_14393-3321.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8
|
||||||
ntoskrnl_14393-3383.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8
|
ntoskrnl_14393-3383.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8
|
||||||
ntoskrnl_14393-3442.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8
|
ntoskrnl_14393-3442.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8
|
||||||
ntoskrnl_14393-3471.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-3471.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-3564.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
|
||||||
ntoskrnl_14393-3503.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-3503.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-3541.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-3541.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
|
ntoskrnl_14393-3564.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-3595.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-3595.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-3630.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-3630.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
|
ntoskrnl_14393-3659.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-3686.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-3686.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
|
ntoskrnl_14393-3750.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-3755.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-3755.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-3808.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-3808.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-3750.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
|
||||||
ntoskrnl_14393-3659.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
|
||||||
ntoskrnl_14393-3930.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
|
||||||
ntoskrnl_14393-3866.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-3866.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
|
ntoskrnl_14393-3930.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-3986.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-3986.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-4104.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
|
||||||
ntoskrnl_14393-4046.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-4046.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
|
ntoskrnl_14393-4104.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-4169.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-4169.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-4225.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-4225.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-4283.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-4283.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
@@ -107,267 +133,350 @@ ntoskrnl_14393-4350.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
|||||||
ntoskrnl_14393-4402.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-4402.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-4467.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-4467.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-4470.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-4470.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-4583.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
|
||||||
ntoskrnl_14393-4530.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-4530.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
|
ntoskrnl_14393-4583.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-4651.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-4651.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-4704.exe,339e60,339c60,339a60,6ca,0,20,50,3a6250,3a6278,c8
|
ntoskrnl_14393-4704.exe,339e60,339c60,339a60,6ca,0,20,50,3a6250,3a6278,c8
|
||||||
ntoskrnl_14393-4770.exe,339e60,339c60,339a60,6ca,0,20,50,3a6250,3a6278,c8
|
ntoskrnl_14393-4770.exe,339e60,339c60,339a60,6ca,0,20,50,3a6250,3a6278,c8
|
||||||
ntoskrnl_14393-4825.exe,339e60,339c60,339a60,6ca,0,20,50,3a6250,3a6278,c8
|
ntoskrnl_14393-4825.exe,339e60,339c60,339a60,6ca,0,20,50,3a6250,3a6278,c8
|
||||||
ntoskrnl_14393-4771.exe,339e60,339c60,339a60,6ca,0,20,50,3a6250,3a6278,c8
|
|
||||||
ntoskrnl_14393-4827.exe,339e60,339c60,339a60,6ca,0,20,50,3a6250,3a6278,c8
|
ntoskrnl_14393-4827.exe,339e60,339c60,339a60,6ca,0,20,50,3a6250,3a6278,c8
|
||||||
|
ntoskrnl_14393-4886.exe,33ade0,33abe0,33a9e0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-4889.exe,33ade0,33abe0,33a9e0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-4889.exe,33ade0,33abe0,33a9e0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-4946.exe,33ade0,33abe0,33a9e0,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-4946.exe,33ade0,33abe0,33a9e0,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-5006.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-5006.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-4886.exe,33ade0,33abe0,33a9e0,6ca,0,20,50,3a7250,3a7278,c8
|
|
||||||
ntoskrnl_14393-5066.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-5066.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-5125.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-5125.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-5192.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
ntoskrnl_14393-5192.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8
|
||||||
ntoskrnl_14393-5246.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7258,3a7278,c8
|
ntoskrnl_14393-5246.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7258,3a7278,c8
|
||||||
ntoskrnl_14393-576.exe,33bca0,33baa0,33b8a0,6c2,0,20,50,3a8210,3a8230,c8
|
ntoskrnl_14393-5291.exe,33aea0,33aca0,33aaa0,6ca,0,20,50,3a7258,3a7278,c8
|
||||||
ntoskrnl_14393-693.exe,33bca0,33baa0,33b8a0,6c2,0,20,50,3a8210,3a8230,c8
|
ntoskrnl_14393-5356.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7258,3a7278,c8
|
||||||
ntoskrnl_14393-726.exe,335860,335660,335460,6c2,0,20,50,3a1210,3a1230,c8
|
ntoskrnl_14393-5427.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7258,3a7278,c8
|
||||||
ntoskrnl_14393-953.exe,335860,335660,335460,6c2,0,20,50,3a1210,3a1230,c8
|
ntoskrnl_14393-5429.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7258,3a7278,c8
|
||||||
ntoskrnl_15063-1155.exe,387510,387310,387110,6ca,346f68,20,50,3e5f98,3e5fb8,c8
|
ntoskrnl_14393-5501.exe,33dde0,33dbe0,33d9e0,6ca,0,20,50,3aa250,3aa278,c8
|
||||||
|
ntoskrnl_14393-5582.exe,33dee0,33dce0,33dae0,6ca,0,20,50,3aa250,3aa278,c8
|
||||||
|
ntoskrnl_14393-5648.exe,33cee0,33cce0,33cae0,6ca,0,20,50,3a9250,3a9278,c8
|
||||||
|
ntoskrnl_14393-5717.exe,33cea0,33cca0,33caa0,6ca,0,20,50,3a9250,3a9278,c8
|
||||||
|
ntoskrnl_14393-5786.exe,33cde0,33cbe0,33c9e0,6ca,0,20,50,3a9250,3a9278,c8
|
||||||
|
ntoskrnl_14393-5850.exe,33cee0,33cce0,33cae0,6ca,0,20,50,3a9250,3a9278,c8
|
||||||
|
ntoskrnl_14393-5921.exe,33ce20,33cc20,33ca20,6ca,0,20,50,3a9250,3a9278,c8
|
||||||
|
ntoskrnl_14393-5996.exe,33cf20,33cd20,33cb20,6ca,0,20,50,3a9250,3a9278,c8
|
||||||
|
ntoskrnl_14393-6085.exe,33cea0,33cca0,33caa0,6ca,0,20,50,3a9250,3a9278,c8
|
||||||
|
ntoskrnl_14393-6167.exe,33ce60,33cc60,33ca60,6ca,0,20,50,3a9250,3a9278,c8
|
||||||
|
ntoskrnl_15063-0.exe,382290,382090,381e90,6ca,341ea8,20,50,3e1f98,3e1fb0,c8
|
||||||
|
ntoskrnl_15063-13.exe,382290,382090,381e90,6ca,341ea8,20,50,3e1f98,3e1fb0,c8
|
||||||
|
ntoskrnl_15063-296.exe,382290,382090,381e90,6ca,341ea8,20,50,3e1f98,3e1fb0,c8
|
||||||
|
ntoskrnl_15063-674.exe,3822d0,3820d0,381ed0,6ca,341e88,20,50,3e1f98,3e1fb0,c8
|
||||||
|
ntoskrnl_15063-675.exe,3822d0,3820d0,381ed0,6ca,341e88,20,50,3e1f98,3e1fb0,c8
|
||||||
|
ntoskrnl_15063-786.exe,382310,382110,381f10,6ca,341ec8,20,50,3e1f98,3e1fb0,c8
|
||||||
|
ntoskrnl_15063-850.exe,389450,389250,389050,6ca,348fb8,20,50,3e7f98,3e7fb0,c8
|
||||||
|
ntoskrnl_15063-909.exe,389510,389310,389110,6ca,348fa8,20,50,3e7f98,3e7fb0,c8
|
||||||
|
ntoskrnl_15063-966.exe,389550,389350,389150,6ca,348fa8,20,50,3e7f98,3e7fb0,c8
|
||||||
|
ntoskrnl_15063-1029.exe,389550,389350,389150,6ca,348fa8,20,50,3e7f98,3e7fb0,c8
|
||||||
ntoskrnl_15063-1088.exe,3894d0,3892d0,3890d0,6ca,348fb8,20,50,3e7f98,3e7fb0,c8
|
ntoskrnl_15063-1088.exe,3894d0,3892d0,3890d0,6ca,348fb8,20,50,3e7f98,3e7fb0,c8
|
||||||
|
ntoskrnl_15063-1155.exe,387510,387310,387110,6ca,346f68,20,50,3e5f98,3e5fb8,c8
|
||||||
ntoskrnl_15063-1206.exe,387510,387310,387110,6ca,346f68,20,50,3e5f98,3e5fb8,c8
|
ntoskrnl_15063-1206.exe,387510,387310,387110,6ca,346f68,20,50,3e5f98,3e5fb8,c8
|
||||||
ntoskrnl_15063-1266.exe,384410,384210,384010,6ca,343f48,20,50,3e2f98,3e2fb8,c8
|
ntoskrnl_15063-1266.exe,384410,384210,384010,6ca,343f48,20,50,3e2f98,3e2fb8,c8
|
||||||
ntoskrnl_15063-1029.exe,389550,389350,389150,6ca,348fa8,20,50,3e7f98,3e7fb0,c8
|
|
||||||
ntoskrnl_15063-13.exe,382290,382090,381e90,6ca,341ea8,20,50,3e1f98,3e1fb0,c8
|
|
||||||
ntoskrnl_15063-1324.exe,385490,385290,385090,6ca,344f88,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-1324.exe,385490,385290,385090,6ca,344f88,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-1387.exe,385490,385290,385090,6ca,344f98,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-1387.exe,385490,385290,385090,6ca,344f98,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-1418.exe,385490,385290,385090,6ca,344f98,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-1418.exe,385490,385290,385090,6ca,344f98,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-1446.exe,385490,385290,385090,6ca,344fa8,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-1446.exe,385490,385290,385090,6ca,344fa8,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-1478.exe,385450,385250,385050,6ca,344f68,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-1478.exe,385450,385250,385050,6ca,344f68,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-1596.exe,385450,385250,385050,6ca,344f68,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-1506.exe,385450,385250,385050,6ca,344f68,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-1563.exe,385450,385250,385050,6ca,344f68,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-1563.exe,385450,385250,385050,6ca,344f68,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-1746.exe,3854d0,3852d0,3850d0,6ca,344fd8,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-1596.exe,385450,385250,385050,6ca,344f68,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-1631.exe,385450,385250,385050,6ca,344f68,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-1631.exe,385450,385250,385050,6ca,344f68,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-1805.exe,3853d0,3851d0,384fd0,6ca,344e78,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-1659.exe,3854d0,3852d0,3850d0,6ca,344fd8,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-1987.exe,385450,385250,385050,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
|
||||||
ntoskrnl_15063-1689.exe,3854d0,3852d0,3850d0,6ca,344fd8,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-1689.exe,3854d0,3852d0,3850d0,6ca,344fd8,20,50,3e3f98,3e3fb8,c8
|
||||||
|
ntoskrnl_15063-1716.exe,3854d0,3852d0,3850d0,6ca,344fd8,20,50,3e3f98,3e3fb8,c8
|
||||||
|
ntoskrnl_15063-1746.exe,3854d0,3852d0,3850d0,6ca,344fd8,20,50,3e3f98,3e3fb8,c8
|
||||||
|
ntoskrnl_15063-1779.exe,3854d0,3852d0,3850d0,6ca,344fd8,20,50,3e3f98,3e3fb8,c8
|
||||||
|
ntoskrnl_15063-1805.exe,3853d0,3851d0,384fd0,6ca,344e78,20,50,3e3f98,3e3fb8,c8
|
||||||
|
ntoskrnl_15063-1836.exe,3853d0,3851d0,384fd0,6ca,344e78,20,50,3e3f98,3e3fb8,c8
|
||||||
|
ntoskrnl_15063-1897.exe,385450,385250,385050,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-1928.exe,385450,385250,385050,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-1928.exe,385450,385250,385050,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
||||||
|
ntoskrnl_15063-1955.exe,385450,385250,385050,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
||||||
|
ntoskrnl_15063-1987.exe,385450,385250,385050,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-2017.exe,385450,385250,385050,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-2017.exe,385450,385250,385050,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-2045.exe,385350,385150,384f50,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-2045.exe,385350,385150,384f50,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-2076.exe,385350,385150,384f50,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-2076.exe,385350,385150,384f50,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-2106.exe,385350,385150,384f50,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-2106.exe,385350,385150,384f50,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-2283.exe,385410,385210,385010,6ca,344e68,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-2283.exe,385410,385210,385010,6ca,344e68,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-674.exe,3822d0,3820d0,381ed0,6ca,341e88,20,50,3e1f98,3e1fb0,c8
|
ntoskrnl_15063-2411.exe,385410,385210,385010,6ca,344e68,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-296.exe,382290,382090,381e90,6ca,341ea8,20,50,3e1f98,3e1fb0,c8
|
|
||||||
ntoskrnl_15063-850.exe,389450,389250,389050,6ca,348fb8,20,50,3e7f98,3e7fb0,c8
|
|
||||||
ntoskrnl_15063-2500.exe,3853d0,3851d0,384fd0,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
ntoskrnl_15063-2500.exe,3853d0,3851d0,384fd0,6ca,344e48,20,50,3e3f98,3e3fb8,c8
|
||||||
ntoskrnl_15063-786.exe,382310,382110,381f10,6ca,341ec8,20,50,3e1f98,3e1fb0,c8
|
|
||||||
ntoskrnl_15063-966.exe,389550,389350,389150,6ca,348fa8,20,50,3e7f98,3e7fb0,c8
|
|
||||||
ntoskrnl_15063-675.exe,3822d0,3820d0,381ed0,6ca,341e88,20,50,3e1f98,3e1fb0,c8
|
|
||||||
ntoskrnl_15063-909.exe,389510,389310,389110,6ca,348fa8,20,50,3e7f98,3e7fb0,c8
|
|
||||||
ntoskrnl_16299-1004.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8
|
|
||||||
ntoskrnl_16299-1087.exe,39ff00,3a0100,39fd00,6ca,35dac0,20,50,4000d0,4000f8,c8
|
|
||||||
ntoskrnl_16299-1029.exe,39ff00,3a0100,39fd00,6ca,35dac0,20,50,4000d0,4000f8,c8
|
|
||||||
ntoskrnl_16299-1120.exe,39ff00,3a0100,39fd00,6ca,35dac0,20,50,4000d0,4000f8,c8
|
|
||||||
ntoskrnl_16299-1146.exe,3a0d00,3a0f00,3a0b00,6ca,35e8a0,20,50,4000d0,4000f8,c8
|
|
||||||
ntoskrnl_16299-1182.exe,3a0d00,3a0f00,3a0b00,6ca,35e8a0,20,50,4000d0,4000f8,c8
|
|
||||||
ntoskrnl_16299-1217.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8
|
|
||||||
ntoskrnl_16299-125.exe,398a80,398c80,398e80,6ca,356980,20,50,3f90d0,3f90f0,c8
|
|
||||||
ntoskrnl_16299-1364.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8
|
|
||||||
ntoskrnl_16299-1419.exe,3a1040,3a0c40,3a0e40,6ca,35e988,20,50,4010d0,4010f8,c8
|
|
||||||
ntoskrnl_16299-1448.exe,3a1040,3a0c40,3a0e40,6ca,35e988,20,50,4010d0,4010f8,c8
|
|
||||||
ntoskrnl_16299-15.exe,398c80,398e80,398a80,6ca,356908,20,50,3f90d0,3f90f0,c8
|
ntoskrnl_16299-15.exe,398c80,398e80,398a80,6ca,356908,20,50,3f90d0,3f90f0,c8
|
||||||
ntoskrnl_16299-1331.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8
|
|
||||||
ntoskrnl_16299-1622.exe,3a0fc0,3a0bc0,3a0dc0,6ca,35e988,20,50,4010d0,4010f8,c8
|
|
||||||
ntoskrnl_16299-1747.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8
|
|
||||||
ntoskrnl_16299-1775.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8
|
|
||||||
ntoskrnl_16299-192.exe,39dd40,39df40,39db40,6ca,35b980,20,50,3fd0d0,3fd0f0,c8
|
|
||||||
ntoskrnl_16299-19.exe,398c80,398e80,398a80,6ca,3568e8,20,50,3f90d0,3f90f0,c8
|
ntoskrnl_16299-19.exe,398c80,398e80,398a80,6ca,3568e8,20,50,3f90d0,3f90f0,c8
|
||||||
ntoskrnl_16299-2166.exe,3a1100,3a0d00,3a0f00,6ca,35e988,20,50,4010d0,4010f8,c8
|
ntoskrnl_16299-64.exe,398c40,398e40,398a40,6ca,3568e8,20,50,3f90d0,3f90f0,c8
|
||||||
ntoskrnl_16299-2045.exe,3a1100,3a0d00,3a0f00,6ca,35e988,20,50,4010d0,4010f8,c8
|
ntoskrnl_16299-98.exe,398ec0,398ac0,398cc0,6ca,356980,20,50,3f90d0,3f90f0,c8
|
||||||
ntoskrnl_16299-1992.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8
|
ntoskrnl_16299-125.exe,398a80,398c80,398e80,6ca,356980,20,50,3f90d0,3f90f0,c8
|
||||||
|
ntoskrnl_16299-192.exe,39dd40,39df40,39db40,6ca,35b980,20,50,3fd0d0,3fd0f0,c8
|
||||||
ntoskrnl_16299-214.exe,39ddc0,39dfc0,39dbc0,6ca,35b980,20,50,3fe0d0,3fe0f0,c8
|
ntoskrnl_16299-214.exe,39ddc0,39dfc0,39dbc0,6ca,35b980,20,50,3fe0d0,3fe0f0,c8
|
||||||
ntoskrnl_16299-309.exe,39e0c0,39dcc0,39dec0,6ca,35bae8,20,50,3fe0d0,3fe0f0,c8
|
|
||||||
ntoskrnl_16299-251.exe,39e100,39dd00,39df00,6ca,35bac8,20,50,3fe0d0,3fe0f0,c8
|
|
||||||
ntoskrnl_16299-248.exe,39e100,39dd00,39df00,6ca,35bac8,20,50,3fe0d0,3fe0f0,c8
|
ntoskrnl_16299-248.exe,39e100,39dd00,39df00,6ca,35bac8,20,50,3fe0d0,3fe0f0,c8
|
||||||
|
ntoskrnl_16299-251.exe,39e100,39dd00,39df00,6ca,35bac8,20,50,3fe0d0,3fe0f0,c8
|
||||||
|
ntoskrnl_16299-309.exe,39e0c0,39dcc0,39dec0,6ca,35bae8,20,50,3fe0d0,3fe0f0,c8
|
||||||
ntoskrnl_16299-334.exe,39e0c0,39dcc0,39dec0,6ca,35bac8,20,50,3fe0d0,3fe0f0,c8
|
ntoskrnl_16299-334.exe,39e0c0,39dcc0,39dec0,6ca,35bac8,20,50,3fe0d0,3fe0f0,c8
|
||||||
ntoskrnl_16299-371.exe,39ce40,39d040,39cc40,6ca,35aa00,20,50,3fd0d0,3fd0f0,c8
|
ntoskrnl_16299-371.exe,39ce40,39d040,39cc40,6ca,35aa00,20,50,3fd0d0,3fd0f0,c8
|
||||||
|
ntoskrnl_16299-402.exe,39d0c0,39ccc0,39cec0,6ca,35aaa8,20,50,3fd0d0,3fd0f0,c8
|
||||||
ntoskrnl_16299-431.exe,39ce00,39d000,39cc00,6ca,35aa00,20,50,3fd0d0,3fd0f0,c8
|
ntoskrnl_16299-431.exe,39ce00,39d000,39cc00,6ca,35aa00,20,50,3fd0d0,3fd0f0,c8
|
||||||
ntoskrnl_16299-461.exe,39d080,39cc80,39ce80,6ca,35aa88,20,50,3fd0d0,3fd0f0,c8
|
ntoskrnl_16299-461.exe,39d080,39cc80,39ce80,6ca,35aa88,20,50,3fd0d0,3fd0f0,c8
|
||||||
ntoskrnl_16299-402.exe,39d0c0,39ccc0,39cec0,6ca,35aaa8,20,50,3fd0d0,3fd0f0,c8
|
|
||||||
ntoskrnl_16299-492.exe,39b080,39ac80,39ae80,6ca,358aa8,20,50,3fb0d0,3fb0f8,c8
|
ntoskrnl_16299-492.exe,39b080,39ac80,39ae80,6ca,358aa8,20,50,3fb0d0,3fb0f8,c8
|
||||||
ntoskrnl_16299-522.exe,3a2f00,3a3100,3a2d00,6ca,360ac0,20,50,4030d0,4030f8,c8
|
ntoskrnl_16299-522.exe,3a2f00,3a3100,3a2d00,6ca,360ac0,20,50,4030d0,4030f8,c8
|
||||||
ntoskrnl_16299-551.exe,3a2f00,3a3100,3a2d00,6ca,360ac0,20,50,4030d0,4030f8,c8
|
|
||||||
ntoskrnl_16299-547.exe,3a2f00,3a3100,3a2d00,6ca,360ac0,20,50,4030d0,4030f8,c8
|
ntoskrnl_16299-547.exe,3a2f00,3a3100,3a2d00,6ca,360ac0,20,50,4030d0,4030f8,c8
|
||||||
ntoskrnl_16299-637.exe,39fe00,3a0000,39fc00,6ca,35d9e0,20,50,4000d0,4000f8,c8
|
ntoskrnl_16299-551.exe,3a2f00,3a3100,3a2d00,6ca,360ac0,20,50,4030d0,4030f8,c8
|
||||||
ntoskrnl_16299-611.exe,39fe00,3a0000,39fc00,6ca,35d9e0,20,50,4000d0,4000f8,c8
|
|
||||||
ntoskrnl_16299-579.exe,3a2f00,3a3100,3a2d00,6ca,360ac0,20,50,4030d0,4030f8,c8
|
ntoskrnl_16299-579.exe,3a2f00,3a3100,3a2d00,6ca,360ac0,20,50,4030d0,4030f8,c8
|
||||||
ntoskrnl_16299-64.exe,398c40,398e40,398a40,6ca,3568e8,20,50,3f90d0,3f90f0,c8
|
ntoskrnl_16299-611.exe,39fe00,3a0000,39fc00,6ca,35d9e0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-637.exe,39fe00,3a0000,39fc00,6ca,35d9e0,20,50,4000d0,4000f8,c8
|
||||||
ntoskrnl_16299-665.exe,39fe80,3a0080,39fc80,6ca,35dac0,20,50,4000d0,4000f8,c8
|
ntoskrnl_16299-665.exe,39fe80,3a0080,39fc80,6ca,35dac0,20,50,4000d0,4000f8,c8
|
||||||
ntoskrnl_16299-699.exe,39fdc0,39ffc0,39fbc0,6ca,35da00,20,50,4000d0,4000f8,c8
|
|
||||||
ntoskrnl_16299-666.exe,39fe80,3a0080,39fc80,6ca,35dac0,20,50,4000d0,4000f8,c8
|
ntoskrnl_16299-666.exe,39fe80,3a0080,39fc80,6ca,35dac0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-699.exe,39fdc0,39ffc0,39fbc0,6ca,35da00,20,50,4000d0,4000f8,c8
|
||||||
ntoskrnl_16299-726.exe,39fdc0,39ffc0,39fbc0,6ca,35da00,20,50,4000d0,4000f8,c8
|
ntoskrnl_16299-726.exe,39fdc0,39ffc0,39fbc0,6ca,35da00,20,50,4000d0,4000f8,c8
|
||||||
ntoskrnl_16299-755.exe,3a0080,39fc80,39fe80,6ca,35da88,20,50,4000d0,4000f8,c8
|
ntoskrnl_16299-755.exe,3a0080,39fc80,39fe80,6ca,35da88,20,50,4000d0,4000f8,c8
|
||||||
ntoskrnl_16299-785.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8
|
ntoskrnl_16299-785.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8
|
||||||
ntoskrnl_16299-820.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8
|
ntoskrnl_16299-820.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8
|
||||||
ntoskrnl_16299-846.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8
|
ntoskrnl_16299-846.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8
|
||||||
ntoskrnl_16299-98.exe,398ec0,398ac0,398cc0,6ca,356980,20,50,3f90d0,3f90f0,c8
|
|
||||||
ntoskrnl_16299-904.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8
|
ntoskrnl_16299-904.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-936.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8
|
||||||
ntoskrnl_16299-967.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8
|
ntoskrnl_16299-967.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-1004.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-1029.exe,39ff00,3a0100,39fd00,6ca,35dac0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-1059.exe,39ff00,3a0100,39fd00,6ca,35dac0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-1087.exe,39ff00,3a0100,39fd00,6ca,35dac0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-1120.exe,39ff00,3a0100,39fd00,6ca,35dac0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-1146.exe,3a0d00,3a0f00,3a0b00,6ca,35e8a0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-1182.exe,3a0d00,3a0f00,3a0b00,6ca,35e8a0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-1217.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8
|
||||||
|
ntoskrnl_16299-1237.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8
|
||||||
|
ntoskrnl_16299-1296.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8
|
||||||
|
ntoskrnl_16299-1331.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8
|
||||||
|
ntoskrnl_16299-1364.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8
|
||||||
|
ntoskrnl_16299-1387.exe,3a0e80,3a1080,3a0c80,6ca,35e960,20,50,4010d0,4010f8,c8
|
||||||
|
ntoskrnl_16299-1419.exe,3a1040,3a0c40,3a0e40,6ca,35e988,20,50,4010d0,4010f8,c8
|
||||||
|
ntoskrnl_16299-1448.exe,3a1040,3a0c40,3a0e40,6ca,35e988,20,50,4010d0,4010f8,c8
|
||||||
|
ntoskrnl_16299-1480.exe,3a1040,3a0c40,3a0e40,6ca,35e988,20,50,4010d0,4010f8,c8
|
||||||
|
ntoskrnl_16299-1622.exe,3a0fc0,3a0bc0,3a0dc0,6ca,35e988,20,50,4010d0,4010f8,c8
|
||||||
|
ntoskrnl_16299-1653.exe,3a0fc0,3a0bc0,3a0dc0,6ca,35e988,20,50,4010d0,4010f8,c8
|
||||||
|
ntoskrnl_16299-1715.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-1747.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-1775.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-1776.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-1937.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-1992.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8
|
||||||
|
ntoskrnl_16299-2045.exe,3a1100,3a0d00,3a0f00,6ca,35e988,20,50,4010d0,4010f8,c8
|
||||||
|
ntoskrnl_16299-2166.exe,3a1100,3a0d00,3a0f00,6ca,35e988,20,50,4010d0,4010f8,c8
|
||||||
ntoskrnl_17134-1.exe,3f4ef0,3f50f0,3f4cf0,6ca,3b2120,20,50,45e250,45e270,c8
|
ntoskrnl_17134-1.exe,3f4ef0,3f50f0,3f4cf0,6ca,3b2120,20,50,45e250,45e270,c8
|
||||||
ntoskrnl_17134-1006.exe,3e4ef0,3e4af0,3e4cf0,6ca,3a1fc8,20,50,44d250,44d278,c8
|
ntoskrnl_17134-48.exe,3f5030,3f4c30,3f4e30,6ca,3b20e8,20,50,45e250,45e270,c8
|
||||||
ntoskrnl_17134-1038.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44d250,44d278,c8
|
ntoskrnl_17134-81.exe,3f4f30,3f5130,3f4d30,6ca,3b2120,20,50,45e250,45e270,c8
|
||||||
ntoskrnl_17134-1098.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fb0,20,50,44d250,44d278,c8
|
ntoskrnl_17134-83.exe,3f4f30,3f5130,3f4d30,6ca,3b2120,20,50,45e250,45e270,c8
|
||||||
ntoskrnl_17134-1067.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fb0,20,50,44d250,44d278,c8
|
|
||||||
ntoskrnl_17134-112.exe,3f1e30,3f2030,3f1c30,6ca,3af088,20,50,45b250,45b278,c8
|
ntoskrnl_17134-112.exe,3f1e30,3f2030,3f1c30,6ca,3af088,20,50,45b250,45b278,c8
|
||||||
ntoskrnl_17134-1130.exe,3e4fb0,3e4bb0,3e4db0,6ca,3a1fb0,20,50,44d250,44d278,c8
|
|
||||||
ntoskrnl_17134-1246.exe,3e4fb0,3e4bb0,3e4db0,6ca,3a1fb0,20,50,44d250,44d278,c8
|
|
||||||
ntoskrnl_17134-1345.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44d250,44d278,c8
|
|
||||||
ntoskrnl_17134-1184.exe,3e4fb0,3e4bb0,3e4db0,6ca,3a1fb0,20,50,44d250,44d278,c8
|
|
||||||
ntoskrnl_17134-1365.exe,3e4e30,3e5030,3e4c30,6ca,3a2000,20,50,44d250,44d278,c8
|
|
||||||
ntoskrnl_17134-137.exe,3f1e30,3f2030,3f1c30,6ca,3af088,20,50,45b250,45b278,c8
|
ntoskrnl_17134-137.exe,3f1e30,3f2030,3f1c30,6ca,3af088,20,50,45b250,45b278,c8
|
||||||
ntoskrnl_17134-1304.exe,3e4ef0,3e4af0,3e4cf0,6ca,3a1fe8,20,50,44d250,44d278,c8
|
|
||||||
ntoskrnl_17134-1425.exe,3e4e30,3e5030,3e4c30,6ca,3a2000,20,50,44d250,44d278,c8
|
|
||||||
ntoskrnl_17134-1488.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8
|
|
||||||
ntoskrnl_17134-1550.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8
|
|
||||||
ntoskrnl_17134-165.exe,3f1e30,3f2030,3f1c30,6ca,3af088,20,50,45b250,45b278,c8
|
ntoskrnl_17134-165.exe,3f1e30,3f2030,3f1c30,6ca,3af088,20,50,45b250,45b278,c8
|
||||||
ntoskrnl_17134-1610.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8
|
|
||||||
ntoskrnl_17134-1667.exe,3e4ff0,3e4bf0,3e4df0,6ca,3a1f88,20,50,44c250,44c278,c8
|
|
||||||
ntoskrnl_17134-1845.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8
|
|
||||||
ntoskrnl_17134-167.exe,3f1e30,3f2030,3f1c30,6ca,3af088,20,50,45b250,45b278,c8
|
ntoskrnl_17134-167.exe,3f1e30,3f2030,3f1c30,6ca,3af088,20,50,45b250,45b278,c8
|
||||||
ntoskrnl_17134-1726.exe,3e4ff0,3e4bf0,3e4df0,6ca,3a1f88,20,50,44c250,44c278,c8
|
|
||||||
ntoskrnl_17134-1792.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8
|
|
||||||
ntoskrnl_17134-1902.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8
|
|
||||||
ntoskrnl_17134-191.exe,3f2e30,3f3030,3f2c30,6ca,3b0088,20,50,45c250,45c278,c8
|
ntoskrnl_17134-191.exe,3f2e30,3f3030,3f2c30,6ca,3b0088,20,50,45c250,45c278,c8
|
||||||
ntoskrnl_17134-1967.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8
|
|
||||||
ntoskrnl_17134-2026.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8
|
|
||||||
ntoskrnl_17134-2208.exe,3e4f70,3e4b70,3e4d70,6ca,3a1f88,20,50,44c250,44c278,c8
|
|
||||||
ntoskrnl_17134-2087.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8
|
|
||||||
ntoskrnl_17134-2145.exe,3e4f70,3e4b70,3e4d70,6ca,3a1f88,20,50,44c250,44c278,c8
|
|
||||||
ntoskrnl_17134-254.exe,3e5ff0,3e5bf0,3e5df0,6ca,3a3108,20,50,44e250,44e278,c8
|
|
||||||
ntoskrnl_17134-228.exe,3e5ff0,3e5bf0,3e5df0,6ca,3a3108,20,50,44e250,44e278,c8
|
ntoskrnl_17134-228.exe,3e5ff0,3e5bf0,3e5df0,6ca,3a3108,20,50,44e250,44e278,c8
|
||||||
ntoskrnl_17134-320.exe,3e5eb0,3e60b0,3e5cb0,6ca,3a3120,20,50,44e250,44e278,c8
|
ntoskrnl_17134-254.exe,3e5ff0,3e5bf0,3e5df0,6ca,3a3108,20,50,44e250,44e278,c8
|
||||||
ntoskrnl_17134-285.exe,3e6030,3e5c30,3e5e30,6ca,3a3100,20,50,44e250,44e278,c8
|
ntoskrnl_17134-285.exe,3e6030,3e5c30,3e5e30,6ca,3a3100,20,50,44e250,44e278,c8
|
||||||
ntoskrnl_17134-286.exe,3e6030,3e5c30,3e5e30,6ca,3a3100,20,50,44e250,44e278,c8
|
ntoskrnl_17134-286.exe,3e6030,3e5c30,3e5e30,6ca,3a3100,20,50,44e250,44e278,c8
|
||||||
|
ntoskrnl_17134-320.exe,3e5eb0,3e60b0,3e5cb0,6ca,3a3120,20,50,44e250,44e278,c8
|
||||||
ntoskrnl_17134-345.exe,3e5eb0,3e60b0,3e5cb0,6ca,3a3160,20,50,44e250,44e278,c8
|
ntoskrnl_17134-345.exe,3e5eb0,3e60b0,3e5cb0,6ca,3a3160,20,50,44e250,44e278,c8
|
||||||
ntoskrnl_17134-376.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
ntoskrnl_17134-376.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
||||||
ntoskrnl_17134-407.exe,3e5f30,3e5b30,3e5d30,6ca,3a3108,20,50,44e250,44e278,c8
|
ntoskrnl_17134-407.exe,3e5f30,3e5b30,3e5d30,6ca,3a3108,20,50,44e250,44e278,c8
|
||||||
ntoskrnl_17134-471.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
ntoskrnl_17134-471.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
||||||
ntoskrnl_17134-472.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
ntoskrnl_17134-472.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
||||||
ntoskrnl_17134-523.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
ntoskrnl_17134-523.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
||||||
ntoskrnl_17134-48.exe,3f5030,3f4c30,3f4e30,6ca,3b20e8,20,50,45e250,45e270,c8
|
|
||||||
ntoskrnl_17134-556.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
ntoskrnl_17134-556.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
||||||
ntoskrnl_17134-765.exe,0,0,0,0,0,0,0,0,0,0
|
|
||||||
ntoskrnl_17134-648.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
|
||||||
ntoskrnl_17134-590.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
ntoskrnl_17134-590.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
||||||
ntoskrnl_17134-677.exe,3e4eb0,3e50b0,3e4cb0,6ca,3a2160,20,50,44d250,44d278,c8
|
|
||||||
ntoskrnl_17134-753.exe,3e4eb0,3e50b0,3e4cb0,6ca,3a2160,20,50,44d250,44d278,c8
|
|
||||||
ntoskrnl_17134-706.exe,3e4eb0,3e50b0,3e4cb0,6ca,3a2160,20,50,44d250,44d278,c8
|
|
||||||
ntoskrnl_17134-619.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
ntoskrnl_17134-619.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
||||||
|
ntoskrnl_17134-648.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8
|
||||||
|
ntoskrnl_17134-677.exe,3e4eb0,3e50b0,3e4cb0,6ca,3a2160,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-706.exe,3e4eb0,3e50b0,3e4cb0,6ca,3a2160,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-753.exe,3e4eb0,3e50b0,3e4cb0,6ca,3a2160,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-765.exe,3e4ef0,3e4af0,3e4cf0,6ca,3a1f48,20,50,44d250,44d278,c8
|
||||||
ntoskrnl_17134-766.exe,3e4ef0,3e4af0,3e4cf0,6ca,3a1f48,20,50,44d250,44d278,c8
|
ntoskrnl_17134-766.exe,3e4ef0,3e4af0,3e4cf0,6ca,3a1f48,20,50,44d250,44d278,c8
|
||||||
ntoskrnl_17134-829.exe,3e4f30,3e4b30,3e4d30,6ca,3a1f68,20,50,44d250,44d278,c8
|
|
||||||
ntoskrnl_17134-799.exe,3e4f30,3e4b30,3e4d30,6ca,3a1f68,20,50,44d250,44d278,c8
|
ntoskrnl_17134-799.exe,3e4f30,3e4b30,3e4d30,6ca,3a1f68,20,50,44d250,44d278,c8
|
||||||
ntoskrnl_17134-81.exe,3f4f30,3f5130,3f4d30,6ca,3b2120,20,50,45e250,45e270,c8
|
ntoskrnl_17134-829.exe,3e4f30,3e4b30,3e4d30,6ca,3a1f68,20,50,44d250,44d278,c8
|
||||||
ntoskrnl_17134-950.exe,0,0,0,0,0,0,0,0,0,0
|
|
||||||
ntoskrnl_17763-1007.exe,0,0,0,0,0,0,0,0,0,0
|
|
||||||
ntoskrnl_17134-858.exe,3e4f30,3e4b30,3e4d30,6ca,3a1f68,20,50,44d250,44d278,c8
|
ntoskrnl_17134-858.exe,3e4f30,3e4b30,3e4d30,6ca,3a1f68,20,50,44d250,44d278,c8
|
||||||
ntoskrnl_17134-83.exe,3f4f30,3f5130,3f4d30,6ca,3b2120,20,50,45e250,45e270,c8
|
|
||||||
ntoskrnl_17134-915.exe,3e4d70,3e4f70,3e4b70,6ca,3a1fa8,20,50,44d250,44d278,c8
|
|
||||||
ntoskrnl_17763-1.exe,0,0,0,0,0,0,0,0,0,0
|
|
||||||
ntoskrnl_17134-885.exe,3e4f30,3e4b30,3e4d30,6ca,3a1f68,20,50,44d250,44d278,c8
|
ntoskrnl_17134-885.exe,3e4f30,3e4b30,3e4d30,6ca,3a1f68,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-915.exe,3e4d70,3e4f70,3e4b70,6ca,3a1fa8,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-950.exe,3e4d70,3e4f70,3e4b70,6ca,3a1fa8,20,50,44d250,44d278,c8
|
||||||
ntoskrnl_17134-982.exe,3e4f30,3e4b30,3e4d30,6ca,3a1fd0,20,50,44d250,44d278,c8
|
ntoskrnl_17134-982.exe,3e4f30,3e4b30,3e4d30,6ca,3a1fd0,20,50,44d250,44d278,c8
|
||||||
ntoskrnl_17763-1039.exe,0,0,0,0,0,0,0,0,0,0
|
ntoskrnl_17134-1006.exe,3e4ef0,3e4af0,3e4cf0,6ca,3a1fc8,20,50,44d250,44d278,c8
|
||||||
ntoskrnl_17763-107.exe,0,0,0,0,0,0,0,0,0,0
|
ntoskrnl_17134-1038.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-1067.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fb0,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-1098.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fb0,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-1130.exe,3e4fb0,3e4bb0,3e4db0,6ca,3a1fb0,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-1184.exe,3e4fb0,3e4bb0,3e4db0,6ca,3a1fb0,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-1246.exe,3e4fb0,3e4bb0,3e4db0,6ca,3a1fb0,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-1276.exe,3e4fb0,3e4bb0,3e4db0,6ca,3a1fb0,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-1304.exe,3e4ef0,3e4af0,3e4cf0,6ca,3a1fe8,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-1345.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-1365.exe,3e4e30,3e5030,3e4c30,6ca,3a2000,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-1399.exe,3e4e30,3e5030,3e4c30,6ca,3a2000,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-1401.exe,3e4e30,3e5030,3e4c30,6ca,3a2000,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-1425.exe,3e4e30,3e5030,3e4c30,6ca,3a2000,20,50,44d250,44d278,c8
|
||||||
|
ntoskrnl_17134-1456.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8
|
||||||
|
ntoskrnl_17134-1488.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8
|
||||||
|
ntoskrnl_17134-1550.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8
|
||||||
|
ntoskrnl_17134-1553.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8
|
||||||
|
ntoskrnl_17134-1610.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8
|
||||||
|
ntoskrnl_17134-1667.exe,3e4ff0,3e4bf0,3e4df0,6ca,3a1f88,20,50,44c250,44c278,c8
|
||||||
|
ntoskrnl_17134-1726.exe,3e4ff0,3e4bf0,3e4df0,6ca,3a1f88,20,50,44c250,44c278,c8
|
||||||
|
ntoskrnl_17134-1792.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8
|
||||||
|
ntoskrnl_17134-1845.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8
|
||||||
|
ntoskrnl_17134-1902.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8
|
||||||
|
ntoskrnl_17134-1967.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8
|
||||||
|
ntoskrnl_17134-2026.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8
|
||||||
|
ntoskrnl_17134-2087.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8
|
||||||
|
ntoskrnl_17134-2145.exe,3e4f70,3e4b70,3e4d70,6ca,3a1f88,20,50,44c250,44c278,c8
|
||||||
|
ntoskrnl_17134-2208.exe,3e4f70,3e4b70,3e4d70,6ca,3a1f88,20,50,44c250,44c278,c8
|
||||||
|
ntoskrnl_17763-1.exe,45c4b0,45c0b0,45c2b0,6ca,40f038,20,50,4c52d0,4c52f8,c8
|
||||||
|
ntoskrnl_17763-55.exe,45c4f0,45c0f0,45c2f0,6ca,40f098,20,50,4c52d0,4c52f8,c8
|
||||||
|
ntoskrnl_17763-107.exe,45c430,45c030,45c230,6ca,40f018,20,50,4c52d0,4c52f8,c8
|
||||||
|
ntoskrnl_17763-134.exe,45c430,45c030,45c230,6ca,40efd8,20,50,4c52d0,4c52f8,c8
|
||||||
|
ntoskrnl_17763-168.exe,4dad70,4da970,4dab70,6ca,40b078,20,50,5442d0,5442f8,c8
|
||||||
|
ntoskrnl_17763-194.exe,4d9d70,4d9970,4d9b70,6ca,40a038,20,50,5422d0,5422f8,c8
|
||||||
|
ntoskrnl_17763-195.exe,4d9d70,4d9970,4d9b70,6ca,40a038,20,50,5422d0,5422f8,c8
|
||||||
|
ntoskrnl_17763-253.exe,4d9d70,4d9970,4d9b70,6ca,40a038,20,50,5422d0,5422f8,c8
|
||||||
|
ntoskrnl_17763-292.exe,4daaf0,4dacf0,4da8f0,6ca,40b078,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-316.exe,4daaf0,4dacf0,4da8f0,6ca,40b078,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-348.exe,4dabb0,4da7b0,4da9b0,6ca,40afb8,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-379.exe,4dabf0,4da7f0,4da9f0,6ca,40aff8,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-404.exe,4dad70,4da970,4dab70,6ca,40b718,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-437.exe,4dad70,4da970,4dab70,6ca,40b718,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-439.exe,4dad70,4da970,4dab70,6ca,40b718,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-475.exe,4daaf0,4dacf0,4da8f0,6ca,40b730,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-503.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-504.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-529.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-557.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-593.exe,4dac70,4da870,4daa70,6ca,40b610,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-615.exe,4dac70,4da870,4daa70,6ca,40b610,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-652.exe,4dabf0,4da7f0,4da9f0,6ca,40b5f0,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-678.exe,4dac30,4da830,4daa30,6ca,40b610,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-719.exe,4daa30,4dac30,4da830,6ca,40b658,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-737.exe,4da9f0,4dabf0,4da7f0,6ca,40b5d8,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-771.exe,4dac70,4da870,4daa70,6ca,40b630,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-802.exe,4dacb0,4da8b0,4daab0,6ca,40b6c0,20,50,5432d0,5432f8,c8
|
||||||
|
ntoskrnl_17763-831.exe,4d8c70,4d8870,4d8a70,6ca,409610,20,50,5412d0,5412f8,c8
|
||||||
|
ntoskrnl_17763-864.exe,4d8b70,4d8d70,4d8970,6ca,409698,20,50,5412d0,5412f8,c8
|
||||||
|
ntoskrnl_17763-914.exe,4d8b70,4d8d70,4d8970,6ca,409698,20,50,5412d0,5412f8,c8
|
||||||
|
ntoskrnl_17763-973.exe,4d8b70,4d8d70,4d8970,6ca,409698,20,50,5412d0,5412f8,c8
|
||||||
|
ntoskrnl_17763-1007.exe,4d8c30,4d8830,4d8a30,6ca,4096a0,20,50,5412d0,5412f8,c8
|
||||||
|
ntoskrnl_17763-1039.exe,4d8b30,4d8d30,4d8930,6ca,409698,20,50,5412d0,5412f8,c8
|
||||||
ntoskrnl_17763-1075.exe,4d9d30,4d9930,4d9b30,6ca,40a650,20,60,5422d0,5422f8,c8
|
ntoskrnl_17763-1075.exe,4d9d30,4d9930,4d9b30,6ca,40a650,20,60,5422d0,5422f8,c8
|
||||||
ntoskrnl_17763-1098.exe,4d9d30,4d9930,4d9b30,6ca,40a670,20,60,5422d0,5422f8,c8
|
ntoskrnl_17763-1098.exe,4d9d30,4d9930,4d9b30,6ca,40a670,20,60,5422d0,5422f8,c8
|
||||||
ntoskrnl_17763-1192.exe,4d9d30,4d9930,4d9b30,6ca,40a670,20,60,5422d0,5422f8,c8
|
|
||||||
ntoskrnl_17763-1158.exe,4d9af0,4d9cf0,4d98f0,6ca,40a678,20,60,5422d0,5422f8,c8
|
|
||||||
ntoskrnl_17763-1131.exe,4d9af0,4d9cf0,4d98f0,6ca,40a678,20,60,5422d0,5422f8,c8
|
ntoskrnl_17763-1131.exe,4d9af0,4d9cf0,4d98f0,6ca,40a678,20,60,5422d0,5422f8,c8
|
||||||
|
ntoskrnl_17763-1132.exe,4d9af0,4d9cf0,4d98f0,6ca,40a678,20,60,5422d0,5422f8,c8
|
||||||
|
ntoskrnl_17763-1158.exe,4d9af0,4d9cf0,4d98f0,6ca,40a678,20,60,5422d0,5422f8,c8
|
||||||
|
ntoskrnl_17763-1192.exe,4d9d30,4d9930,4d9b30,6ca,40a670,20,60,5422d0,5422f8,c8
|
||||||
ntoskrnl_17763-1217.exe,4d9d30,4d9930,4d9b30,6ca,40a670,20,60,5422d0,5422f8,c8
|
ntoskrnl_17763-1217.exe,4d9d30,4d9930,4d9b30,6ca,40a670,20,60,5422d0,5422f8,c8
|
||||||
ntoskrnl_17763-1282.exe,4d9d70,4d9970,4d9b70,6ca,40a6b0,20,60,5422d0,5422f8,c8
|
ntoskrnl_17763-1282.exe,4d9d70,4d9970,4d9b70,6ca,40a6b0,20,60,5422d0,5422f8,c8
|
||||||
ntoskrnl_17763-1339.exe,4d9d70,4d9970,4d9b70,6ca,40a6b0,20,60,5422d0,5422f8,c8
|
|
||||||
ntoskrnl_17763-1294.exe,4d9d70,4d9970,4d9b70,6ca,40a6b0,20,60,5422d0,5422f8,c8
|
ntoskrnl_17763-1294.exe,4d9d70,4d9970,4d9b70,6ca,40a6b0,20,60,5422d0,5422f8,c8
|
||||||
ntoskrnl_17763-134.exe,45c430,45c030,45c230,6ca,40efd8,20,50,4c52d0,4c52f8,c8
|
ntoskrnl_17763-1339.exe,4d9d70,4d9970,4d9b70,6ca,40a6b0,20,60,5422d0,5422f8,c8
|
||||||
ntoskrnl_17763-1369.exe,4d9d70,4d9970,4d9b70,6ca,40a6b0,20,60,5422d0,5422f8,c8
|
ntoskrnl_17763-1369.exe,4d9d70,4d9970,4d9b70,6ca,40a6b0,20,60,5422d0,5422f8,c8
|
||||||
ntoskrnl_17763-1397.exe,4d9bf0,4d97f0,4d99f0,6ca,40a6c0,20,60,5422d0,5422f8,c8
|
ntoskrnl_17763-1397.exe,4d9bf0,4d97f0,4d99f0,6ca,40a6c0,20,60,5422d0,5422f8,c8
|
||||||
ntoskrnl_17763-1432.exe,4d7b30,4d7d30,4d7930,6ca,408698,20,60,5402d0,5402f8,c8
|
ntoskrnl_17763-1432.exe,4d7b30,4d7d30,4d7930,6ca,408698,20,60,5402d0,5402f8,c8
|
||||||
ntoskrnl_17763-1457.exe,4d7b30,4d7d30,4d7930,6ca,408698,20,60,5402d0,5402f8,c8
|
ntoskrnl_17763-1457.exe,4d7b30,4d7d30,4d7930,6ca,408698,20,60,5402d0,5402f8,c8
|
||||||
ntoskrnl_17763-1490.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8
|
ntoskrnl_17763-1490.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-1554.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8
|
|
||||||
ntoskrnl_17763-1518.exe,4d5b30,4d5d30,4d5930,6ca,406698,20,60,53e2d0,53e2f8,c8
|
ntoskrnl_17763-1518.exe,4d5b30,4d5d30,4d5930,6ca,406698,20,60,53e2d0,53e2f8,c8
|
||||||
|
ntoskrnl_17763-1554.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-1577.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8
|
ntoskrnl_17763-1577.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-168.exe,4dad70,4da970,4dab70,6ca,40b078,20,50,5442d0,5442f8,c8
|
ntoskrnl_17763-1613.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-1637.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8
|
ntoskrnl_17763-1637.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-1697.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8
|
ntoskrnl_17763-1697.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-1613.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8
|
|
||||||
ntoskrnl_17763-1728.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8
|
ntoskrnl_17763-1728.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-1757.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8
|
ntoskrnl_17763-1757.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-1790.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8
|
ntoskrnl_17763-1790.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-1817.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8
|
ntoskrnl_17763-1817.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-1821.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8
|
ntoskrnl_17763-1821.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-1823.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8
|
ntoskrnl_17763-1823.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-1879.exe,4d5bf0,4d57f0,4d59f0,6ca,4066c0,20,60,53e2d0,53e2f8,c8
|
|
||||||
ntoskrnl_17763-1935.exe,4d6870,4d6a70,4d6670,6ca,407498,20,60,53f2d0,53f2f8,c8
|
|
||||||
ntoskrnl_17763-1911.exe,4d6870,4d6a70,4d6670,6ca,407498,20,60,53f2d0,53f2f8,c8
|
|
||||||
ntoskrnl_17763-1852.exe,4d5bf0,4d57f0,4d59f0,6ca,4066c0,20,60,53e2d0,53e2f8,c8
|
ntoskrnl_17763-1852.exe,4d5bf0,4d57f0,4d59f0,6ca,4066c0,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-194.exe,4d9d70,4d9970,4d9b70,6ca,40a038,20,50,5422d0,5422f8,c8
|
ntoskrnl_17763-1879.exe,4d5bf0,4d57f0,4d59f0,6ca,4066c0,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-195.exe,4d9d70,4d9970,4d9b70,6ca,40a038,20,50,5422d0,5422f8,c8
|
ntoskrnl_17763-1911.exe,4d6870,4d6a70,4d6670,6ca,407498,20,60,53f2d0,53f2f8,c8
|
||||||
|
ntoskrnl_17763-1935.exe,4d6870,4d6a70,4d6670,6ca,407498,20,60,53f2d0,53f2f8,c8
|
||||||
|
ntoskrnl_17763-1971.exe,4d6bb0,4d67b0,4d69b0,6ca,407498,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-1999.exe,4d6bb0,4d67b0,4d69b0,6ca,407498,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-1999.exe,4d6bb0,4d67b0,4d69b0,6ca,407498,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-2028.exe,4d67b0,4d69b0,4d65b0,6ca,407418,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2028.exe,4d67b0,4d69b0,4d65b0,6ca,407418,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-1971.exe,4d6bb0,4d67b0,4d69b0,6ca,407498,20,60,53f2d0,53f2f8,c8
|
|
||||||
ntoskrnl_17763-2029.exe,4d67b0,4d69b0,4d65b0,6ca,407418,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2029.exe,4d67b0,4d69b0,4d65b0,6ca,407418,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-2090.exe,4d5930,4d5b30,4d5730,6ca,406470,20,60,53e2d0,53e2f8,c8
|
|
||||||
ntoskrnl_17763-2061.exe,4d58f0,4d5af0,4d56f0,6ca,406430,20,60,53e2d0,53e2f8,c8
|
ntoskrnl_17763-2061.exe,4d58f0,4d5af0,4d56f0,6ca,406430,20,60,53e2d0,53e2f8,c8
|
||||||
|
ntoskrnl_17763-2090.exe,4d5930,4d5b30,4d5730,6ca,406470,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-2114.exe,4d5930,4d5b30,4d5730,6ca,406470,20,60,53e2d0,53e2f8,c8
|
ntoskrnl_17763-2114.exe,4d5930,4d5b30,4d5730,6ca,406470,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-2183.exe,4d68b0,4d6ab0,4d66b0,6ca,407480,20,60,53f2d0,53f2f8,c8
|
|
||||||
ntoskrnl_17763-2145.exe,4d68b0,4d6ab0,4d66b0,6ca,407480,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2145.exe,4d68b0,4d6ab0,4d66b0,6ca,407480,20,60,53f2d0,53f2f8,c8
|
||||||
|
ntoskrnl_17763-2183.exe,4d68b0,4d6ab0,4d66b0,6ca,407480,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-2213.exe,4d6b70,4d6770,4d6970,6ca,407438,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2213.exe,4d6b70,4d6770,4d6970,6ca,407438,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-2268.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8
|
|
||||||
ntoskrnl_17763-2305.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8
|
|
||||||
ntoskrnl_17763-2300.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8
|
|
||||||
ntoskrnl_17763-2330.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8
|
|
||||||
ntoskrnl_17763-2237.exe,4d6b70,4d6770,4d6970,6ca,407438,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2237.exe,4d6b70,4d6770,4d6970,6ca,407438,20,60,53f2d0,53f2f8,c8
|
||||||
|
ntoskrnl_17763-2268.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8
|
||||||
|
ntoskrnl_17763-2300.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8
|
||||||
|
ntoskrnl_17763-2305.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8
|
||||||
|
ntoskrnl_17763-2330.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-2366.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8
|
ntoskrnl_17763-2366.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8
|
||||||
ntoskrnl_17763-2452.exe,4d6970,4d6b70,4d6770,6ca,407470,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2452.exe,4d6970,4d6b70,4d6770,6ca,407470,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-2510.exe,4d6970,4d6b70,4d6770,6ca,407470,20,60,53f2d0,53f2f8,c8
|
|
||||||
ntoskrnl_17763-2458.exe,4d6970,4d6b70,4d6770,6ca,407470,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2458.exe,4d6970,4d6b70,4d6770,6ca,407470,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-253.exe,4d9d70,4d9970,4d9b70,6ca,40a038,20,50,5422d0,5422f8,c8
|
ntoskrnl_17763-2510.exe,4d6970,4d6b70,4d6770,6ca,407470,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-2565.exe,4d6970,4d6b70,4d6770,6ca,407470,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2565.exe,4d6970,4d6b70,4d6770,6ca,407470,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-2628.exe,4d68f0,4d6af0,4d66f0,6ca,407438,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2628.exe,4d68f0,4d6af0,4d66f0,6ca,407438,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-2686.exe,4d6930,4d6b30,4d6730,6ca,407410,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2686.exe,4d6930,4d6b30,4d6730,6ca,407410,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-2746.exe,4d6930,4d6b30,4d6730,6ca,407410,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2746.exe,4d6930,4d6b30,4d6730,6ca,407410,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-2803.exe,4d6930,4d6b30,4d6730,6ca,407410,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2803.exe,4d6930,4d6b30,4d6730,6ca,407410,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-2867.exe,4d6b30,4d6730,4d6930,6ca,407480,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2867.exe,4d6b30,4d6730,4d6930,6ca,407480,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-292.exe,4daaf0,4dacf0,4da8f0,6ca,40b078,20,50,5432d0,5432f8,c8
|
|
||||||
ntoskrnl_17763-2928.exe,4d6b30,4d6730,4d6930,6ca,407480,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2928.exe,4d6b30,4d6730,4d6930,6ca,407480,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-2931.exe,4d6b30,4d6730,4d6930,6ca,407480,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2931.exe,4d6b30,4d6730,4d6930,6ca,407480,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-3046.exe,4d6840,4d6a40,4d6640,6ca,407430,20,60,53f2d0,53f2f8,c8
|
|
||||||
ntoskrnl_17763-2989.exe,4d6880,4d6a80,4d6680,6ca,407450,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-2989.exe,4d6880,4d6a80,4d6680,6ca,407450,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-316.exe,4daaf0,4dacf0,4da8f0,6ca,40b078,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-3046.exe,4d6840,4d6a40,4d6640,6ca,407430,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-3165.exe,4d6b40,4d6740,4d6940,6ca,407498,20,60,53f2d0,53f2f8,c8
|
ntoskrnl_17763-3165.exe,4d6b40,4d6740,4d6940,6ca,407498,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-404.exe,4dad70,4da970,4dab70,6ca,40b718,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-3232.exe,4d6b40,4d6740,4d6940,6ca,407498,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-348.exe,4dabb0,4da7b0,4da9b0,6ca,40afb8,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-3287.exe,4d6a80,4d6680,4d6880,6ca,407458,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-437.exe,4dad70,4da970,4dab70,6ca,40b718,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-3346.exe,4d6940,4d6b40,4d6740,6ca,407450,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-379.exe,4dabf0,4da7f0,4da9f0,6ca,40aff8,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-3406.exe,4d6940,4d6b40,4d6740,6ca,407450,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-439.exe,4dad70,4da970,4dab70,6ca,40b718,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-3469.exe,4d6900,4d6b00,4d6700,6ca,407430,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-475.exe,4daaf0,4dacf0,4da8f0,6ca,40b730,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-3532.exe,4d6880,4d6a80,4d6680,6ca,407480,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-503.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-3534.exe,4d6880,4d6a80,4d6680,6ca,407480,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-557.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-3650.exe,4d8b00,4d8700,4d8900,6ca,409440,20,60,5412d0,5412f8,c8
|
||||||
ntoskrnl_17763-55.exe,45c4f0,45c0f0,45c2f0,6ca,40f098,20,50,4c52d0,4c52f8,c8
|
ntoskrnl_17763-3770.exe,4d8a00,4d8600,4d8800,6ca,409418,20,60,5412d0,5412f8,c8
|
||||||
ntoskrnl_17763-504.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-3772.exe,4d8a00,4d8600,4d8800,6ca,409418,20,60,5412d0,5412f8,c8
|
||||||
ntoskrnl_17763-529.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-3887.exe,4d8a00,4d8600,4d8800,6ca,409418,20,60,5412d0,5412f8,c8
|
||||||
ntoskrnl_17763-615.exe,4dac70,4da870,4daa70,6ca,40b610,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-4010.exe,4d8b00,4d8700,4d8900,6ca,409440,20,60,5412d0,5412f8,c8
|
||||||
ntoskrnl_17763-652.exe,4dabf0,4da7f0,4da9f0,6ca,40b5f0,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-4131.exe,4d7980,4d7b80,4d7780,6ca,408458,20,60,53f2d0,53f2f8,c8
|
||||||
ntoskrnl_17763-593.exe,4dac70,4da870,4daa70,6ca,40b610,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-4252.exe,4d89c0,4d8bc0,4d87c0,6ca,409438,20,60,5402d0,5402f8,c8
|
||||||
ntoskrnl_17763-719.exe,4daa30,4dac30,4da830,6ca,40b658,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-4377.exe,4d89c0,4d8bc0,4d87c0,6ca,409438,20,60,5402d0,5402f8,c8
|
||||||
ntoskrnl_17763-737.exe,4da9f0,4dabf0,4da7f0,6ca,40b5d8,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-4644.exe,4d8900,4d8b00,4d8700,6ca,409458,20,60,5402d0,5402f8,c8
|
||||||
ntoskrnl_17763-678.exe,4dac30,4da830,4daa30,6ca,40b610,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-4737.exe,4d8940,4d8b40,4d8740,6ca,409478,20,60,5412d0,5412f8,c8
|
||||||
ntoskrnl_17763-771.exe,4dac70,4da870,4daa70,6ca,40b630,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-4851.exe,4d8c00,4d8800,4d8a00,6ca,4094b8,20,60,5412d0,5412f8,c8
|
||||||
ntoskrnl_17763-802.exe,4dacb0,4da8b0,4daab0,6ca,40b6c0,20,50,5432d0,5432f8,c8
|
ntoskrnl_17763-4974.exe,4d8b40,4d8740,4d8940,6ca,409478,20,60,5402d0,5402f8,c8
|
||||||
ntoskrnl_17763-831.exe,4d8c70,4d8870,4d8a70,6ca,409610,20,50,5412d0,5412f8,c8
|
ntoskrnl_18362-30.exe,500d60,500960,500b60,6fa,42fa40,20,50,56f390,56f3b8,c8
|
||||||
ntoskrnl_17763-864.exe,4d8b70,4d8d70,4d8970,6ca,409698,20,50,5412d0,5412f8,c8
|
ntoskrnl_18362-116.exe,500de0,5009e0,500be0,6fa,42fa48,20,50,56f390,56f3b8,c8
|
||||||
ntoskrnl_17763-973.exe,4d8b70,4d8d70,4d8970,6ca,409698,20,50,5412d0,5412f8,c8
|
ntoskrnl_18362-145.exe,500de0,5009e0,500be0,6fa,42f9e8,20,50,56f390,56f3b8,c8
|
||||||
ntoskrnl_17763-914.exe,4d8b70,4d8d70,4d8970,6ca,409698,20,50,5412d0,5412f8,c8
|
ntoskrnl_18362-207.exe,500de0,5009e0,500be0,6fa,42fa48,20,50,56f390,56f3b8,c8
|
||||||
|
ntoskrnl_18362-239.exe,500de0,5009e0,500be0,6fa,42fa48,20,50,56f390,56f3b8,c8
|
||||||
|
ntoskrnl_18362-267.exe,503f60,503b60,503d60,6fa,432c60,20,50,572390,5723b8,c8
|
||||||
|
ntoskrnl_18362-295.exe,503fa0,503ba0,503da0,6fa,432c48,20,50,572390,5723b8,c8
|
||||||
|
ntoskrnl_18362-329.exe,504ee0,5050e0,504ce0,6fa,433c28,20,50,573390,5733b8,c8
|
||||||
|
ntoskrnl_18362-356.exe,505060,504c60,504e60,6fa,433c90,20,50,573390,5733b8,c8
|
||||||
|
ntoskrnl_18362-357.exe,505060,504c60,504e60,6fa,433c90,20,50,573390,5733b8,c8
|
||||||
|
ntoskrnl_18362-387.exe,505fe0,505be0,505de0,6fa,434c38,20,50,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-388.exe,505fe0,505be0,505de0,6fa,434c38,20,50,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-418.exe,505ee0,5060e0,505ce0,6fa,434c58,20,50,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-449.exe,505da0,505fa0,505ba0,6fa,434c58,20,50,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-476.exe,506060,505c60,505e60,6fa,434c78,20,50,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-535.exe,506020,505c20,505e20,6fa,434c78,20,50,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-592.exe,506060,505c60,505e60,6fa,434c80,20,50,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-628.exe,506060,505c60,505e60,6fa,434c78,20,50,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-657.exe,505e60,506060,505c60,6fa,434c78,20,50,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-693.exe,505de0,505fe0,505be0,6fa,434c38,20,60,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-719.exe,505e20,506020,505c20,6fa,434c78,20,60,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-720.exe,505e20,506020,505c20,6fa,434c78,20,60,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-752.exe,505ea0,5060a0,505ca0,6fa,434c58,20,60,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-753.exe,505ea0,5060a0,505ca0,6fa,434c58,20,60,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-778.exe,505e60,506060,505c60,6fa,434c70,20,60,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-815.exe,505e60,506060,505c60,6fa,434c70,20,60,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-836.exe,505ea0,5060a0,505ca0,6fa,434c58,20,60,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-900.exe,505ea0,5060a0,505ca0,6fa,434c78,20,60,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-904.exe,505ea0,5060a0,505ca0,6fa,434c78,20,60,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-959.exe,505ea0,5060a0,505ca0,6fa,434cb8,20,60,574390,5743b8,c8
|
||||||
|
ntoskrnl_18362-997.exe,505e60,506060,505c60,6fa,434c78,20,60,574390,5743b8,c8
|
||||||
ntoskrnl_18362-1016.exe,505fa0,505ba0,505da0,6fa,434bf8,20,60,574390,5743b8,c8
|
ntoskrnl_18362-1016.exe,505fa0,505ba0,505da0,6fa,434bf8,20,60,574390,5743b8,c8
|
||||||
ntoskrnl_18362-1049.exe,503fe0,503be0,503de0,6fa,432c38,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1049.exe,503fe0,503be0,503de0,6fa,432c38,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1110.exe,503fa0,503ba0,503da0,6fa,432c18,20,60,572390,5723b8,c8
|
|
||||||
ntoskrnl_18362-1082.exe,503fa0,503ba0,503da0,6fa,432bf8,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1082.exe,503fa0,503ba0,503da0,6fa,432bf8,20,60,572390,5723b8,c8
|
||||||
|
ntoskrnl_18362-1110.exe,503fa0,503ba0,503da0,6fa,432c18,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1139.exe,5040a0,503ca0,503ea0,6fa,432c98,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1139.exe,5040a0,503ca0,503ea0,6fa,432c98,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-116.exe,500de0,5009e0,500be0,6fa,42fa48,20,50,56f390,56f3b8,c8
|
|
||||||
ntoskrnl_18362-1171.exe,5040a0,503ca0,503ea0,6fa,432c90,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1171.exe,5040a0,503ca0,503ea0,6fa,432c90,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1198.exe,5040a0,503ca0,503ea0,6fa,432c90,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1198.exe,5040a0,503ca0,503ea0,6fa,432c90,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1237.exe,5040a0,503ca0,503ea0,6fa,432c90,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1237.exe,5040a0,503ca0,503ea0,6fa,432c90,20,60,572390,5723b8,c8
|
||||||
@@ -379,116 +488,116 @@ ntoskrnl_18362-1379.exe,503da0,5039a0,503ba0,6fa,432c38,20,60,572390,5723b8,c8
|
|||||||
ntoskrnl_18362-1411.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1411.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1440.exe,503da0,5039a0,503ba0,6fa,432c38,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1440.exe,503da0,5039a0,503ba0,6fa,432c38,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1441.exe,503da0,5039a0,503ba0,6fa,432c38,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1441.exe,503da0,5039a0,503ba0,6fa,432c38,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-145.exe,500de0,5009e0,500be0,6fa,42f9e8,20,50,56f390,56f3b8,c8
|
|
||||||
ntoskrnl_18362-1443.exe,503da0,5039a0,503ba0,6fa,432c38,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1443.exe,503da0,5039a0,503ba0,6fa,432c38,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1474.exe,503ba0,503da0,5039a0,6fa,432c38,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1474.exe,503ba0,503da0,5039a0,6fa,432c38,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1500.exe,503b60,503d60,503960,6fa,432c18,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1500.exe,503b60,503d60,503960,6fa,432c18,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1533.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1533.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1556.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1556.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1621.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8
|
|
||||||
ntoskrnl_18362-1593.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1593.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8
|
||||||
|
ntoskrnl_18362-1621.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1646.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1646.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1734.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
|
||||||
ntoskrnl_18362-1679.exe,502da0,5029a0,502ba0,6fa,431bf8,20,60,571390,5713b8,c8
|
ntoskrnl_18362-1679.exe,502da0,5029a0,502ba0,6fa,431bf8,20,60,571390,5713b8,c8
|
||||||
|
ntoskrnl_18362-1734.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1801.exe,503ce0,503ee0,503ae0,6fa,432c38,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1801.exe,503ce0,503ee0,503ae0,6fa,432c38,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1854.exe,503ba0,503da0,5039a0,6fa,432c58,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1854.exe,503ba0,503da0,5039a0,6fa,432c58,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-1977.exe,503ba0,503da0,5039a0,6fa,432c50,20,60,572390,5723b8,c8
|
|
||||||
ntoskrnl_18362-1916.exe,503ba0,503da0,5039a0,6fa,432c50,20,60,572390,5723b8,c8
|
ntoskrnl_18362-1916.exe,503ba0,503da0,5039a0,6fa,432c50,20,60,572390,5723b8,c8
|
||||||
|
ntoskrnl_18362-1977.exe,503ba0,503da0,5039a0,6fa,432c50,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-2037.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
ntoskrnl_18362-2037.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-2039.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
ntoskrnl_18362-2039.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-207.exe,500de0,5009e0,500be0,6fa,42fa48,20,50,56f390,56f3b8,c8
|
|
||||||
ntoskrnl_18362-2158.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
|
||||||
ntoskrnl_18362-2094.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
ntoskrnl_18362-2094.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
||||||
|
ntoskrnl_18362-2158.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-2212.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
ntoskrnl_18362-2212.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-239.exe,500de0,5009e0,500be0,6fa,42fa48,20,50,56f390,56f3b8,c8
|
|
||||||
ntoskrnl_18362-2274.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
ntoskrnl_18362-2274.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8
|
||||||
ntoskrnl_18362-267.exe,503f60,503b60,503d60,6fa,432c60,20,50,572390,5723b8,c8
|
ntoskrnl_19041-264.exe,cec060,cec260,cebe60,87a,c19858,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_18362-295.exe,503fa0,503ba0,503da0,6fa,432c48,20,50,572390,5723b8,c8
|
ntoskrnl_19041-329.exe,cec320,cebf20,cec120,87a,c19898,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_18362-329.exe,504ee0,5050e0,504ce0,6fa,433c28,20,50,573390,5733b8,c8
|
ntoskrnl_19041-331.exe,cec320,cebf20,cec120,87a,c19898,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_18362-30.exe,500d60,500960,500b60,6fa,42fa40,20,50,56f390,56f3b8,c8
|
ntoskrnl_19041-388.exe,cec3a0,cebfa0,cec1a0,87a,c19898,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_18362-356.exe,505060,504c60,504e60,6fa,433c90,20,50,573390,5733b8,c8
|
ntoskrnl_19041-423.exe,cec160,cec360,cebf60,87a,c198b8,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_18362-357.exe,505060,504c60,504e60,6fa,433c90,20,50,573390,5733b8,c8
|
ntoskrnl_19041-450.exe,cec320,cebf20,cec120,87a,c198b8,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_18362-387.exe,505fe0,505be0,505de0,6fa,434c38,20,50,574390,5743b8,c8
|
ntoskrnl_19041-488.exe,cec220,cec420,cec020,87a,c19918,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-388.exe,505fe0,505be0,505de0,6fa,434c38,20,50,574390,5743b8,c8
|
ntoskrnl_19041-508.exe,cec3a0,cebfa0,cec1a0,87a,c19898,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_18362-476.exe,506060,505c60,505e60,6fa,434c78,20,50,574390,5743b8,c8
|
ntoskrnl_19041-546.exe,cec420,cec020,cec220,87a,c19938,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-449.exe,505da0,505fa0,505ba0,6fa,434c58,20,50,574390,5743b8,c8
|
ntoskrnl_19041-572.exe,cec420,cec020,cec220,87a,c19938,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-418.exe,505ee0,5060e0,505ce0,6fa,434c58,20,50,574390,5743b8,c8
|
ntoskrnl_19041-610.exe,cec220,cec420,cec020,87a,c19978,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-535.exe,506020,505c20,505e20,6fa,434c78,20,50,574390,5743b8,c8
|
ntoskrnl_19041-630.exe,cec220,cec420,cec020,87a,c19978,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-592.exe,506060,505c60,505e60,6fa,434c80,20,50,574390,5743b8,c8
|
ntoskrnl_19041-631.exe,cec220,cec420,cec020,87a,c19978,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-657.exe,505e60,506060,505c60,6fa,434c78,20,50,574390,5743b8,c8
|
ntoskrnl_19041-662.exe,cec3a0,cec1a0,cebfa0,87a,c198f8,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_18362-628.exe,506060,505c60,505e60,6fa,434c78,20,50,574390,5743b8,c8
|
ntoskrnl_19041-685.exe,cec3a0,cec1a0,cebfa0,87a,c198f8,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_18362-693.exe,505de0,505fe0,505be0,6fa,434c38,20,60,574390,5743b8,c8
|
ntoskrnl_19041-746.exe,cebfe0,cec3e0,cec1e0,87a,c198f8,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_18362-719.exe,505e20,506020,505c20,6fa,434c78,20,60,574390,5743b8,c8
|
ntoskrnl_19041-789.exe,cec220,cec620,cec420,87a,c19998,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-720.exe,505e20,506020,505c20,6fa,434c78,20,60,574390,5743b8,c8
|
ntoskrnl_19041-804.exe,cec420,cec220,cec020,87a,c19918,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-752.exe,505ea0,5060a0,505ca0,6fa,434c58,20,60,574390,5743b8,c8
|
ntoskrnl_19041-844.exe,cec660,cec460,cec260,87a,c19fa8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-778.exe,505e60,506060,505c60,6fa,434c70,20,60,574390,5743b8,c8
|
ntoskrnl_19041-867.exe,cec1e0,cec5e0,cec3e0,87a,c19fa8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-753.exe,505ea0,5060a0,505ca0,6fa,434c58,20,60,574390,5743b8,c8
|
ntoskrnl_19041-868.exe,cec1e0,cec5e0,cec3e0,87a,c19fa8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-815.exe,505e60,506060,505c60,6fa,434c70,20,60,574390,5743b8,c8
|
ntoskrnl_19041-870.exe,cec1e0,cec5e0,cec3e0,87a,c19fa8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-836.exe,505ea0,5060a0,505ca0,6fa,434c58,20,60,574390,5743b8,c8
|
ntoskrnl_19041-906.exe,cec5e0,cec3e0,cec1e0,87a,c199d0,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-904.exe,505ea0,5060a0,505ca0,6fa,434c78,20,60,574390,5743b8,c8
|
ntoskrnl_19041-928.exe,cec520,cec320,cec120,87a,c19950,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-900.exe,505ea0,5060a0,505ca0,6fa,434c78,20,60,574390,5743b8,c8
|
ntoskrnl_19041-964.exe,cec0e0,cebee0,cec2e0,87a,c19d38,20,60,cfb410,cfb440,c8
|
||||||
|
ntoskrnl_19041-985.exe,cec360,cec160,cebf60,87a,c19d78,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_19041-1023.exe,cec460,cec260,cec060,87a,c19db8,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1023.exe,cec460,cec260,cec060,87a,c19db8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-959.exe,505ea0,5060a0,505ca0,6fa,434cb8,20,60,574390,5743b8,c8
|
|
||||||
ntoskrnl_19041-1052.exe,cebfe0,cec3e0,cec1e0,87a,c19790,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1052.exe,cebfe0,cec3e0,cec1e0,87a,c19790,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_18362-997.exe,505e60,506060,505c60,6fa,434c78,20,60,574390,5743b8,c8
|
|
||||||
ntoskrnl_19041-1.exe,cec0e0,cec2e0,cebee0,87a,c19898,20,60,cfb410,cfb440,c8
|
|
||||||
ntoskrnl_19041-1055.exe,cec020,cec420,cec220,87a,c19790,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1055.exe,cec020,cec420,cec220,87a,c19790,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1081.exe,cec1e0,cebfe0,cec3e0,87a,c19758,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1081.exe,cec1e0,cebfe0,cec3e0,87a,c19758,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1083.exe,cec420,cec220,cec020,87a,c19758,20,60,cfc410,cfc440,c8
|
|
||||||
ntoskrnl_19041-1082.exe,cec420,cec220,cec020,87a,c19758,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1082.exe,cec420,cec220,cec020,87a,c19758,20,60,cfc410,cfc440,c8
|
||||||
|
ntoskrnl_19041-1083.exe,cec420,cec220,cec020,87a,c19758,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1110.exe,cec120,cebf20,cec320,87a,c197f8,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-1110.exe,cec120,cebf20,cec320,87a,c197f8,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_19041-1202.exe,cec320,cec120,cebf20,87a,c197d0,20,60,cfb410,cfb440,c8
|
|
||||||
ntoskrnl_19041-1165.exe,cec2e0,cec0e0,cebee0,87a,c197a0,20,60,cfb410,cfb440,c8
|
|
||||||
ntoskrnl_19041-1151.exe,cec320,cec120,cebf20,87a,c197c0,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-1151.exe,cec320,cec120,cebf20,87a,c197c0,20,60,cfb410,cfb440,c8
|
||||||
|
ntoskrnl_19041-1165.exe,cec2e0,cec0e0,cebee0,87a,c197a0,20,60,cfb410,cfb440,c8
|
||||||
|
ntoskrnl_19041-1202.exe,cec320,cec120,cebf20,87a,c197d0,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_19041-1237.exe,cec320,cec120,cebf20,87a,c197d0,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-1237.exe,cec320,cec120,cebf20,87a,c197d0,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_19041-1266.exe,cec3a0,cec1a0,cebfa0,87a,c19770,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1266.exe,cec3a0,cec1a0,cebfa0,87a,c19770,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1288.exe,cec1a0,cebfa0,cec3a0,87a,c19790,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1288.exe,cec1a0,cebfa0,cec3a0,87a,c19790,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1320.exe,cec4e0,cec2e0,cec0e0,87a,c197c0,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1320.exe,cec4e0,cec2e0,cec0e0,87a,c197c0,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1348.exe,cec4e0,cec2e0,cec0e0,87a,c197c0,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1348.exe,cec4e0,cec2e0,cec0e0,87a,c197c0,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1387.exe,cec1a0,cec3a0,cebfa0,87a,c197a0,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1387.exe,cec1a0,cec3a0,cebfa0,87a,c197a0,20,60,cfc410,cfc440,c8
|
||||||
|
ntoskrnl_19041-1415.exe,cec1e0,cec3e0,cebfe0,87a,c197c0,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1466.exe,cec020,cec220,cec420,87a,c19780,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1466.exe,cec020,cec220,cec420,87a,c19780,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1469.exe,cec020,cec220,cec420,87a,c19780,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1469.exe,cec020,cec220,cec420,87a,c19780,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1415.exe,cec1e0,cec3e0,cebfe0,87a,c197c0,20,60,cfc410,cfc440,c8
|
|
||||||
ntoskrnl_19041-1503.exe,cebfa0,cec3a0,cec1a0,87a,c197a0,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-1503.exe,cebfa0,cec3a0,cec1a0,87a,c197a0,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_19041-1566.exe,cec3e0,cec1e0,cebfe0,87a,c197f8,20,60,cfb410,cfb440,c8
|
|
||||||
ntoskrnl_19041-1526.exe,cec4e0,cec2e0,cec0e0,87a,c197a0,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1526.exe,cec4e0,cec2e0,cec0e0,87a,c197a0,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1620.exe,cec460,cec260,cec060,87a,c19dc8,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1566.exe,cec3e0,cec1e0,cebfe0,87a,c197f8,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_19041-1586.exe,cec3e0,cec1e0,cebfe0,87a,c197f8,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-1586.exe,cec3e0,cec1e0,cebfe0,87a,c197f8,20,60,cfb410,cfb440,c8
|
||||||
|
ntoskrnl_19041-1620.exe,cec460,cec260,cec060,87a,c19dc8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1645.exe,cec3a0,cec1a0,cebfa0,87a,c19de8,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1645.exe,cec3a0,cec1a0,cebfa0,87a,c19de8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1682.exe,cec460,cec260,cec060,87a,c19dc8,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1682.exe,cec460,cec260,cec060,87a,c19dc8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1706.exe,cec260,cec060,cec460,87a,c19e08,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1706.exe,cec260,cec060,cec460,87a,c19e08,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1708.exe,cec460,cec260,cec060,87a,c19de8,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1708.exe,cec460,cec260,cec060,87a,c19de8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1806.exe,cec0e0,cec4e0,cec2e0,87a,c19df8,20,60,cfc410,cfc440,c8
|
|
||||||
ntoskrnl_19041-1766.exe,cec4a0,cec2a0,cec0a0,87a,c19810,20,60,cfc410,cfc440,c8
|
|
||||||
ntoskrnl_19041-1741.exe,cebf60,cec360,cec160,87a,c19770,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-1741.exe,cebf60,cec360,cec160,87a,c19770,20,60,cfb410,cfb440,c8
|
||||||
|
ntoskrnl_19041-1766.exe,cec4a0,cec2a0,cec0a0,87a,c19810,20,60,cfc410,cfc440,c8
|
||||||
|
ntoskrnl_19041-1806.exe,cec0e0,cec4e0,cec2e0,87a,c19df8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1826.exe,cec3e0,cec1e0,cebfe0,87a,c19df8,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1826.exe,cec3e0,cec1e0,cebfe0,87a,c19df8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-1865.exe,cec120,cec520,cec320,87a,c19de0,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-1865.exe,cec120,cec520,cec320,87a,c19de0,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-264.exe,cec060,cec260,cebe60,87a,c19858,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-1889.exe,cec060,cec460,cec260,87a,c19dd8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-331.exe,cec320,cebf20,cec120,87a,c19898,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-1949.exe,cec460,cec260,cec060,87a,c19790,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-329.exe,cec320,cebf20,cec120,87a,c19898,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-2006.exe,cec420,cec220,cec020,87a,c19d98,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-388.exe,cec3a0,cebfa0,cec1a0,87a,c19898,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-2075.exe,cec0a0,cec4a0,cec2a0,87a,c19da8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-423.exe,cec160,cec360,cebf60,87a,c198b8,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-2130.exe,cec420,cec220,cec020,87a,c19790,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-488.exe,cec220,cec420,cec020,87a,c19918,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-2193.exe,cec020,cec420,cec220,87a,c197f8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-450.exe,cec320,cebf20,cec120,87a,c198b8,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-2194.exe,cec420,cec220,cec020,87a,c197f8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-572.exe,cec420,cec020,cec220,87a,c19938,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-2251.exe,cec1e0,cebfe0,cec3e0,87a,c19838,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-508.exe,cec3a0,cebfa0,cec1a0,87a,c19898,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-2311.exe,cec420,cec220,cec020,87a,c19818,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-546.exe,cec420,cec020,cec220,87a,c19938,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-2364.exe,cec460,cec260,cec060,87a,c197d8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-610.exe,cec220,cec420,cec020,87a,c19978,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-2364.exe,cec460,cec260,cec060,87a,c197d8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-630.exe,cec220,cec420,cec020,87a,c19978,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-2486.exe,cec4a0,cec2a0,cec0a0,87a,c197b8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-662.exe,cec3a0,cec1a0,cebfa0,87a,c198f8,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-2546.exe,cec120,cebf20,cec320,87a,c197d8,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_19041-685.exe,cec3a0,cec1a0,cebfa0,87a,c198f8,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-2604.exe,cec120,cebf20,cec320,87a,c19798,20,60,cfb410,cfb440,c8
|
||||||
ntoskrnl_19041-631.exe,cec220,cec420,cec020,87a,c19978,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-2673.exe,cec3e0,cec1e0,cebfe0,87a,c197d8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-746.exe,cebfe0,cec3e0,cec1e0,87a,c198f8,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-2728.exe,cec520,cec320,cec120,87a,c197b8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-789.exe,cec220,cec620,cec420,87a,c19998,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-2788.exe,cec0e0,cec4e0,cec2e0,87a,c19df0,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-844.exe,cec660,cec460,cec260,87a,c19fa8,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-2846.exe,cec120,cec520,cec320,87a,c19e50,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-804.exe,cec420,cec220,cec020,87a,c19918,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-2913.exe,cec0a0,cec4a0,cec2a0,87a,c19e68,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-870.exe,cec1e0,cec5e0,cec3e0,87a,c19fa8,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-2965.exe,cec0a0,cec4a0,cec2a0,87a,c19e28,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-868.exe,cec1e0,cec5e0,cec3e0,87a,c19fa8,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-3031.exe,cec2a0,cec0a0,cec4a0,87a,c19e30,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-867.exe,cec1e0,cec5e0,cec3e0,87a,c19fa8,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-3086.exe,cec0e0,cec4e0,cec2e0,87a,c19e28,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-906.exe,cec5e0,cec3e0,cec1e0,87a,c199d0,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-3155.exe,cec4e0,cec2e0,cec0e0,87a,c19e30,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-928.exe,cec520,cec320,cec120,87a,c19950,20,60,cfc410,cfc440,c8
|
ntoskrnl_19041-3208.exe,cec2a0,cec0a0,cec4a0,87a,c19e08,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-985.exe,cec360,cec160,cebf60,87a,c19d78,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-3271.exe,cec420,cec220,cec620,87a,c19838,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_19041-964.exe,cec0e0,cebee0,cec2e0,87a,c19d38,20,60,cfb410,cfb440,c8
|
ntoskrnl_19041-3324.exe,cec620,cec420,cec220,87a,c19818,20,60,cfc410,cfc440,c8
|
||||||
|
ntoskrnl_19041-3393.exe,cec2e0,cec0e0,cec4e0,87a,c19838,20,60,cfc410,cfc440,c8
|
||||||
|
ntoskrnl_19041-3448.exe,cec460,cec260,cec060,87a,c19858,20,60,cfc410,cfc440,c8
|
||||||
|
ntoskrnl_19041-3516.exe,cec1a0,cec5a0,cec3a0,87a,c197f8,20,60,cfc410,cfc440,c8
|
||||||
|
ntoskrnl_19041-3570.exe,cec660,cec460,cec260,87a,c197d8,20,60,cfc410,cfc440,c8
|
||||||
|
ntoskrnl_19041-3636.exe,cec5e0,cec3e0,cec1e0,87a,c197b8,20,60,cfc410,cfc440,c8
|
||||||
ntoskrnl_22000-194.exe,cf5f40,cf5d40,cf6140,87a,c15d20,20,60,d06890,d068c0,c8
|
ntoskrnl_22000-194.exe,cf5f40,cf5d40,cf6140,87a,c15d20,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_22000-258.exe,cf5f40,cf5d40,cf6140,87a,c15d20,20,60,d06890,d068c0,c8
|
ntoskrnl_22000-258.exe,cf5f40,cf5d40,cf6140,87a,c15d20,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_22000-282.exe,cf5f00,cf5d00,cf6100,87a,c163d0,20,60,d06890,d068c0,c8
|
ntoskrnl_22000-282.exe,cf5f00,cf5d00,cf6100,87a,c163d0,20,60,d06890,d068c0,c8
|
||||||
@@ -497,8 +606,8 @@ ntoskrnl_22000-348.exe,cf5e00,cf6200,cf6000,87a,c15d40,20,60,d06890,d068c0,c8
|
|||||||
ntoskrnl_22000-376.exe,cf5e00,cf6200,cf6000,87a,c15d40,20,60,d06890,d068c0,c8
|
ntoskrnl_22000-376.exe,cf5e00,cf6200,cf6000,87a,c15d40,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_22000-434.exe,cf5dc0,cf61c0,cf5fc0,87a,c163b8,20,60,d06890,d068c0,c8
|
ntoskrnl_22000-434.exe,cf5dc0,cf61c0,cf5fc0,87a,c163b8,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_22000-438.exe,cf5e00,cf6200,cf6000,87a,c16398,20,60,d06890,d068c0,c8
|
ntoskrnl_22000-438.exe,cf5e00,cf6200,cf6000,87a,c16398,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_22000-493.exe,cf6140,cf6340,cf5f40,87a,c15d58,20,60,d06890,d068c0,c8
|
|
||||||
ntoskrnl_22000-469.exe,cf6140,cf6340,cf5f40,87a,c15d38,20,60,d06890,d068c0,c8
|
ntoskrnl_22000-469.exe,cf6140,cf6340,cf5f40,87a,c15d38,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-493.exe,cf6140,cf6340,cf5f40,87a,c15d58,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_22000-527.exe,cf6300,cf5f00,cf6100,87a,c15d58,20,60,d06890,d068c0,c8
|
ntoskrnl_22000-527.exe,cf6300,cf5f00,cf6100,87a,c15d58,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_22000-556.exe,cf62c0,cf5ec0,cf60c0,87a,c15d78,20,60,d06890,d068c0,c8
|
ntoskrnl_22000-556.exe,cf62c0,cf5ec0,cf60c0,87a,c15d78,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_22000-593.exe,cf63c0,cf61c0,cf5fc0,87a,c15d78,20,60,d06890,d068c0,c8
|
ntoskrnl_22000-593.exe,cf63c0,cf61c0,cf5fc0,87a,c15d78,20,60,d06890,d068c0,c8
|
||||||
@@ -509,12 +618,60 @@ ntoskrnl_22000-739.exe,cf62c0,cf60c0,cf5ec0,87a,c163c0,20,60,d06890,d068c0,c8
|
|||||||
ntoskrnl_22000-778.exe,cf6180,cf5f80,cf5d80,87a,c163b8,20,60,d06890,d068c0,c8
|
ntoskrnl_22000-778.exe,cf6180,cf5f80,cf5d80,87a,c163b8,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_22000-795.exe,cf6180,cf5f80,cf5d80,87a,c163b8,20,60,d06890,d068c0,c8
|
ntoskrnl_22000-795.exe,cf6180,cf5f80,cf5d80,87a,c163b8,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_22000-832.exe,cf6380,cf6180,cf5f80,87a,c163a8,20,60,d06890,d068c0,c8
|
ntoskrnl_22000-832.exe,cf6380,cf6180,cf5f80,87a,c163a8,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_7601-25740.exe,21c500,21c2e0,21c0c0,0,0,20,50,29e020,29e050,c0
|
ntoskrnl_22000-856.exe,cf6300,cf6100,cf5f00,87a,c16438,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_9600-17031.exe,2e1a40,2e1840,2e1640,67a,0,10,50,354020,354048,c8
|
ntoskrnl_22000-918.exe,cf6440,cf6240,cf6040,87a,c15d50,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_9600-19321.exe,2dcb10,2dc910,2dc710,67a,0,20,50,34f030,34f048,c8
|
ntoskrnl_22000-978.exe,cf6440,cf6240,cf6040,87a,c15d50,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_9600-19376.exe,2dbb10,2db910,2db710,67a,0,20,50,34e030,34e048,c8
|
ntoskrnl_22000-1042.exe,cf6300,cf6100,cf5f00,87a,c163d0,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_9600-19426.exe,2dbb10,2db910,2db710,67a,0,20,50,34e030,34e048,c8
|
ntoskrnl_22000-1098.exe,cf63c0,cf61c0,cf5fc0,87a,c163e0,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_9600-20144.exe,2dac50,2daa50,2da850,67a,0,20,50,34d030,34d048,c8
|
ntoskrnl_22000-1165.exe,cf63c0,cf61c0,cf5fc0,87a,c16398,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_7601-17514.exe,ffffffffffffffff,ffffffffffffffff,ffffffffffffffff,0,0,8,38,16002c,160028,80
|
ntoskrnl_22000-1219.exe,cf6340,cf6140,cf5f40,87a,c16398,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_6003-21251.exe,1a9d00,1a9ae0,1a9a80,0,0,10,50,22c020,22c040,228
|
ntoskrnl_22000-1281.exe,cf6000,cf6200,cf6400,87a,c15d78,20,60,d06890,d068c0,c8
|
||||||
ntoskrnl_19041-2364.exe,cec460,cec260,cec060,87a,c197d8,20,60,cfc410,cfc440,c8
|
ntoskrnl_22000-1335.exe,cf6100,cf6300,cf5f00,87a,c15db8,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-1455.exe,cf5fc0,cf61c0,cf5dc0,87a,c15cd8,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-1516.exe,cf5f40,cf6140,cf6340,87a,c15d58,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-1574.exe,cf5f80,cf6180,cf6380,87a,c163f8,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-1641.exe,cf5fc0,cf61c0,cf63c0,87a,c163d8,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-1696.exe,cf6200,cf6400,cf6000,87a,c163f8,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-1761.exe,cf62c0,cf64c0,cf60c0,87a,c163b8,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-1817.exe,cf5f80,cf6180,cf6380,87a,c16408,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-1880.exe,cf5f80,cf6180,cf6380,87a,c15d78,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-1936.exe,cf6180,cf6380,cf5f80,87a,c15d38,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-2003.exe,cf61c0,cf63c0,cf5fc0,87a,c15d38,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-2057.exe,cf6040,cf6240,cf6440,87a,c15d58,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-2124.exe,cf5fc0,cf61c0,cf63c0,87a,c15d38,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-2176.exe,cf5fc0,cf61c0,cf63c0,87a,c15d18,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-2245.exe,cf6000,cf6200,cf6400,87a,c15d58,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-2295.exe,cf61c0,cf63c0,cf5fc0,87a,c15d38,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-2360.exe,cf64c0,cf60c0,cf62c0,87a,c15d58,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-2416.exe,cf6100,cf6300,cf6500,87a,c15df8,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-2482.exe,cf6440,cf6040,cf6240,87a,c15d58,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22000-2538.exe,cf6240,cf6440,cf6040,87a,c15df8,20,60,d06890,d068c0,c8
|
||||||
|
ntoskrnl_22621-382.exe,d0bb60,d0bd60,d0bf60,87a,c317f8,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-525.exe,d0bbe0,d0bde0,d0bfe0,87a,c31f90,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-608.exe,d0bd20,d0bf20,d0c120,87a,c31fb0,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-674.exe,d0bc20,d0be20,d0c020,87a,c31f70,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-675.exe,d0bc20,d0be20,d0c020,87a,c31f70,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-755.exe,d0bae0,d0bce0,d0bee0,87a,c31f40,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-819.exe,d0bde0,d0bfe0,d0bbe0,87a,c31f20,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-900.exe,d0c5e0,d0c1e0,d0c3e0,87a,c31818,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-963.exe,d0c0e0,d0c2e0,d0c4e0,87a,c317b8,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-1105.exe,d0c160,d0c360,d0c560,87a,c317b8,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-1194.exe,d0c0a0,d0c2a0,d0c4a0,87a,c317f8,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-1265.exe,d0c060,d0c260,d0c460,87a,c317b8,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-1344.exe,d0c5a0,d0c1a0,d0c3a0,87a,c31f98,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-1413.exe,d0c5a0,d0c1a0,d0c3a0,87a,c31f98,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-1485.exe,d0c5e0,d0c1e0,d0c3e0,87a,c31fc0,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-1555.exe,d0c620,d0c220,d0c420,87a,c32020,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-1635.exe,d0c660,d0c260,d0c460,87a,c32000,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-1702.exe,d0c2a0,d0c4a0,d0c6a0,87a,c31fe0,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-1778.exe,d0bf00,d0c100,d0bd00,87a,c31fe0,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-1848.exe,d0bfc0,d0c1c0,d0bdc0,87a,c31fb8,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-1928.exe,d0c080,d0c280,d0c480,87a,c31ff8,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-1992.exe,d0c380,d0bf80,d0c180,87a,c31fc8,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-2070.exe,d0c3c0,d0c1c0,d0bfc0,87a,c31920,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-2134.exe,d0c3c0,d0c1c0,d0bfc0,87a,c31900,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-2215.exe,d0c380,d0c180,d0bf80,87a,c31900,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-2283.exe,d0c440,d0c240,d0c040,87a,c318e0,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-2361.exe,d0c510,d0c310,d0c110,87a,c318e0,20,60,d1da18,d1da40,c8
|
||||||
|
ntoskrnl_22621-2428.exe,d0c610,d0c410,d0c210,87a,c318e0,20,60,d1ea18,d1ea40,c8
|
||||||
|
ntoskrnl_22621-2506.exe,d0c150,d0c550,d0c350,87a,c31880,20,60,d1ea18,d1ea40,c8
|
||||||
|
|||||||
|
@@ -0,0 +1,791 @@
|
|||||||
|
#!/usr/bin/python3
|
||||||
|
"""
|
||||||
|
A python native parser with (many) missing features.
|
||||||
|
Only support the bare minimum to extract symbols addresses and field offsets in structures
|
||||||
|
Written from info found here: https://llvm.org/docs/PDB/index.html
|
||||||
|
"""
|
||||||
|
from math import ceil
|
||||||
|
from struct import unpack
|
||||||
|
from functools import cache, cached_property
|
||||||
|
from uuid import UUID
|
||||||
|
|
||||||
|
try:
|
||||||
|
from line_profiler_pycharm import profile
|
||||||
|
except ImportError:
|
||||||
|
profile = lambda x: x
|
||||||
|
|
||||||
|
|
||||||
|
def u32f(f, addr=None):
|
||||||
|
if addr is not None:
|
||||||
|
f.seek(addr)
|
||||||
|
return unpack("<I", f.read(4))[0]
|
||||||
|
|
||||||
|
|
||||||
|
def readat(f, addr, size):
|
||||||
|
f.seek(addr)
|
||||||
|
return f.read(size)
|
||||||
|
|
||||||
|
|
||||||
|
class MsfStream(object):
|
||||||
|
def __init__(self, msf, size, blocks):
|
||||||
|
self.msf = msf
|
||||||
|
self.size = size
|
||||||
|
self.blocks = blocks
|
||||||
|
self.cursor = 0
|
||||||
|
|
||||||
|
@profile
|
||||||
|
def read(self, size=None):
|
||||||
|
if size is not None:
|
||||||
|
size = min(self.size - self.cursor, size)
|
||||||
|
else:
|
||||||
|
size = self.size - self.cursor
|
||||||
|
content = b""
|
||||||
|
block_size = self.msf.BlockSize
|
||||||
|
current_block_index = self.cursor // block_size
|
||||||
|
while size:
|
||||||
|
current_block = self.blocks[current_block_index]
|
||||||
|
current_block_index += 1
|
||||||
|
block_offset = self.cursor % block_size
|
||||||
|
to_read = min(block_size - block_offset, size)
|
||||||
|
self.msf.f.seek(block_size * current_block + block_offset)
|
||||||
|
content += self.msf.f.read(to_read)
|
||||||
|
self.cursor += to_read
|
||||||
|
size -= to_read
|
||||||
|
return content
|
||||||
|
|
||||||
|
def seek(self, pos):
|
||||||
|
self.cursor = pos
|
||||||
|
|
||||||
|
def peek_u8(self, at=None):
|
||||||
|
pos = self.cursor
|
||||||
|
u = self.u8(at)
|
||||||
|
self.cursor = pos
|
||||||
|
return u
|
||||||
|
|
||||||
|
def peek_u16(self, at=None):
|
||||||
|
pos = self.cursor
|
||||||
|
u = self.u16(at)
|
||||||
|
self.cursor = pos
|
||||||
|
return u
|
||||||
|
|
||||||
|
def peek_u32(self, at=None):
|
||||||
|
pos = self.cursor
|
||||||
|
u = self.u32(at)
|
||||||
|
self.cursor = pos
|
||||||
|
return u
|
||||||
|
|
||||||
|
def u8(self, addr=None):
|
||||||
|
if addr is not None:
|
||||||
|
self.seek(addr)
|
||||||
|
return self.read(1)[0]
|
||||||
|
|
||||||
|
def u16(self, addr=None):
|
||||||
|
if addr is not None:
|
||||||
|
self.seek(addr)
|
||||||
|
return unpack("<H", self.read(2))[0]
|
||||||
|
|
||||||
|
def u32(self, addr=None):
|
||||||
|
if addr is not None:
|
||||||
|
self.seek(addr)
|
||||||
|
return unpack("<I", self.read(4))[0]
|
||||||
|
|
||||||
|
def u64(self, addr=None):
|
||||||
|
if addr is not None:
|
||||||
|
self.seek(addr)
|
||||||
|
return unpack("<Q", self.read(8))[0]
|
||||||
|
|
||||||
|
def cstring(self):
|
||||||
|
s = b""
|
||||||
|
start = self.cursor
|
||||||
|
while b"\x00" not in s:
|
||||||
|
s += self.read(32)
|
||||||
|
s = s.split(b"\x00", maxsplit=1)[0]
|
||||||
|
self.cursor = start + len(s) + 1
|
||||||
|
return s
|
||||||
|
|
||||||
|
|
||||||
|
class MsfStreamDirectory(object):
|
||||||
|
def __init__(self, msf):
|
||||||
|
self.msf = msf
|
||||||
|
|
||||||
|
# @cache
|
||||||
|
def __getitem__(self, num_dword):
|
||||||
|
StreamDirectoryBlockMapAddr = self.msf.BlockMapAddr * self.msf.BlockSize
|
||||||
|
block_number = num_dword * 4 // self.msf.BlockSize
|
||||||
|
block_addr = self.msf.BlockSize * u32f(self.msf.f, StreamDirectoryBlockMapAddr + 4 * block_number)
|
||||||
|
dword_addr = block_addr + (num_dword * 4) % self.msf.BlockSize
|
||||||
|
return u32f(self.msf.f, dword_addr)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def NumStreams(self):
|
||||||
|
return self[0]
|
||||||
|
|
||||||
|
def StreamSize(self, stream_number):
|
||||||
|
return self[1 + stream_number]
|
||||||
|
|
||||||
|
def StreamBlocks(self, stream_number):
|
||||||
|
index_streamblocks = 1 + self.NumStreams
|
||||||
|
for i in range(stream_number):
|
||||||
|
index_streamblocks += ceil(self.StreamSize(i) / self.msf.BlockSize)
|
||||||
|
blocks = [
|
||||||
|
self[index_streamblocks + b] for b in range(ceil(self.StreamSize(stream_number) / self.msf.BlockSize))
|
||||||
|
]
|
||||||
|
return blocks
|
||||||
|
|
||||||
|
|
||||||
|
class PdbInfoStream(MsfStream):
|
||||||
|
"""
|
||||||
|
struct PdbStreamHeader {
|
||||||
|
ulittle32_t Version;
|
||||||
|
ulittle32_t Signature;
|
||||||
|
ulittle32_t Age;
|
||||||
|
Guid UniqueId;
|
||||||
|
};
|
||||||
|
|
||||||
|
//Named stream hashmap
|
||||||
|
// "The on-disk layout of the Named Stream Map consists of 2 components. The first is a buffer of string data prefixed
|
||||||
|
// by a 32-bit length. The second is a serialized hash table whose key and value types are both uint32_t. The key is
|
||||||
|
// the offset of a null-terminated string in the string data buffer specifying the name of the stream, and the value
|
||||||
|
// is the MSF stream index of the stream with said name. Note that although the key is an integer, the hash function
|
||||||
|
// used to find the right bucket hashes the string at the corresponding offset in the string data buffer."
|
||||||
|
.--------------------.-- +0
|
||||||
|
| Size |
|
||||||
|
.--------------------.-- +4
|
||||||
|
| Capacity |
|
||||||
|
.--------------------.-- +8
|
||||||
|
| Present Bit Vector |
|
||||||
|
.--------------------.-- +N
|
||||||
|
| Deleted Bit Vector |
|
||||||
|
.--------------------.-- +M ─╮
|
||||||
|
| Key | │
|
||||||
|
.--------------------.-- +M+4 │
|
||||||
|
| Value | │
|
||||||
|
.--------------------.-- +M+4+sizeof(Value) │
|
||||||
|
... ├─ |Capacity| Bucket entries
|
||||||
|
.--------------------. │
|
||||||
|
| Key | │
|
||||||
|
.--------------------. │
|
||||||
|
| Value | │
|
||||||
|
.--------------------. ─╯
|
||||||
|
|
||||||
|
//+ a sequence of
|
||||||
|
enum class PdbRaw_FeatureSig : uint32_t {
|
||||||
|
VC110 = 20091201,
|
||||||
|
VC140 = 20140508,
|
||||||
|
NoTypeMerge = 0x4D544F4E,
|
||||||
|
MinimalDebugInfo = 0x494E494D,
|
||||||
|
};
|
||||||
|
"""
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def Version(self):
|
||||||
|
return self.u32(0)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def Signature(self):
|
||||||
|
return self.u32(4)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def Age(self):
|
||||||
|
return self.u32(8)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def Guid(self):
|
||||||
|
return UUID(bytes_le=readat(self, 12, 16))
|
||||||
|
|
||||||
|
"""
|
||||||
|
Format explained here: https://github.com/willglynn/pdb/blob/b052964e09d03eb190c8a60dc76344150ff8a9df/src/pdbi.rs#L99
|
||||||
|
"""
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def NamedStreamMap(self):
|
||||||
|
string_buffer_size = self.u32(3 * 4 + 16)
|
||||||
|
strings_buffer = self.read(string_buffer_size)
|
||||||
|
size_hashmap = self.u32()
|
||||||
|
capacity_hashmap = self.u32() # unused
|
||||||
|
present_bit_vector_word_count = self.u32()
|
||||||
|
present_bit_vector = 0
|
||||||
|
for i in range(present_bit_vector_word_count):
|
||||||
|
present_bit_vector |= self.u32() << (32 * i)
|
||||||
|
deleted_bit_vector_word_count = self.u32()
|
||||||
|
deleted_bit_vector = 0
|
||||||
|
for i in range(deleted_bit_vector_word_count):
|
||||||
|
deleted_bit_vector |= self.u32() << (32 * i)
|
||||||
|
named_streams_ids = dict()
|
||||||
|
count_present = 0
|
||||||
|
for i in range(capacity_hashmap):
|
||||||
|
if present_bit_vector & (1 << i):
|
||||||
|
key = self.u32()
|
||||||
|
value = self.u32()
|
||||||
|
count_present += 1
|
||||||
|
if not (deleted_bit_vector & (1 << i)):
|
||||||
|
assert key == 0 or strings_buffer[key - 1 : key] == b"\x00"
|
||||||
|
stream_name = strings_buffer[key:].split(b"\x00")[0]
|
||||||
|
stream_id = value
|
||||||
|
named_streams_ids[stream_name.decode()] = self.msf.Stream(stream_id)
|
||||||
|
assert count_present == size_hashmap
|
||||||
|
return named_streams_ids
|
||||||
|
|
||||||
|
|
||||||
|
class SymRecordStream(MsfStream):
|
||||||
|
# complete with https://github.com/microsoft/microsoft-pdb/blob/805655a28bd8198004be2ac27e6e0290121a5e89/include/cvinfo.h#L2900
|
||||||
|
# if a value is missing
|
||||||
|
REC_TYPES = {
|
||||||
|
0x110E: "S_PUB32", # a public symbol (CV internal reserved)
|
||||||
|
0x1125: "S_PROCREF", # Reference to a procedure
|
||||||
|
0x1127: "S_LPROCREF", # Local Reference to a procedure
|
||||||
|
0x1128: "S_ANNOTATIONREF", # Reference to an S_ANNOTATION symbol
|
||||||
|
}
|
||||||
|
|
||||||
|
def __init__(self, msf, size, blocks):
|
||||||
|
MsfStream.__init__(self, msf, size, blocks)
|
||||||
|
self.symbols = dict()
|
||||||
|
self.next_to_parse_offset = 0
|
||||||
|
|
||||||
|
def __iter__(self):
|
||||||
|
self.cursor = 0
|
||||||
|
return self
|
||||||
|
|
||||||
|
def __next__(self):
|
||||||
|
offset = None
|
||||||
|
while offset is None:
|
||||||
|
if self.cursor == self.size:
|
||||||
|
raise StopIteration
|
||||||
|
if self.size - self.cursor < 4:
|
||||||
|
raise ValueError
|
||||||
|
|
||||||
|
record_length = self.u16()
|
||||||
|
record_end = self.cursor + record_length
|
||||||
|
record_type = self.u16()
|
||||||
|
|
||||||
|
if self.size - self.cursor < record_length - 2:
|
||||||
|
raise ValueError
|
||||||
|
|
||||||
|
match self.REC_TYPES[record_type]:
|
||||||
|
case "S_PUB32":
|
||||||
|
flags, offset, segment = unpack("<IIH", self.read(10))
|
||||||
|
name = self.cstring()
|
||||||
|
self.cursor = record_end
|
||||||
|
return "S_PUB32", offset, name, segment
|
||||||
|
case "S_LPROCREF" | "S_PROCREF":
|
||||||
|
"""
|
||||||
|
sumName = self.u32() # SUC of the name
|
||||||
|
ibSym = offset = self.u32() # Offset of actual symbol in $$Symbols
|
||||||
|
imod = self.u16() # Module containing the actual symbol
|
||||||
|
name = self.read(record_length - 12)
|
||||||
|
|
||||||
|
# ignore for the moment
|
||||||
|
"""
|
||||||
|
offset = name = None
|
||||||
|
case "S_ANNOTATIONREF":
|
||||||
|
offset = name = None
|
||||||
|
case _:
|
||||||
|
offset = name = None
|
||||||
|
raise ValueError(f"{self.REC_TYPES[record_type]} : not implemented")
|
||||||
|
self.seek(record_end)
|
||||||
|
|
||||||
|
def search_and_cache_symbols(self, symbolname: str):
|
||||||
|
symbolname_raw = symbolname.encode()
|
||||||
|
if symbolname_raw not in self.symbols:
|
||||||
|
saved_cursor = self.cursor
|
||||||
|
self.cursor = self.next_to_parse_offset
|
||||||
|
while self.cursor != self.size:
|
||||||
|
try:
|
||||||
|
_, offset, name, segment = self.__next__()
|
||||||
|
except StopIteration:
|
||||||
|
continue
|
||||||
|
self.symbols[name] = (offset, segment)
|
||||||
|
if name == symbolname_raw:
|
||||||
|
break
|
||||||
|
else:
|
||||||
|
return (None, None)
|
||||||
|
self.next_to_parse_offset = self.cursor
|
||||||
|
self.cursor = saved_cursor
|
||||||
|
return self.symbols[symbolname_raw]
|
||||||
|
|
||||||
|
|
||||||
|
class DBIStream(MsfStream):
|
||||||
|
"""
|
||||||
|
struct DbiStreamHeader {
|
||||||
|
int32_t VersionSignature; // 0
|
||||||
|
uint32_t VersionHeader; // 4
|
||||||
|
uint32_t Age; // 8
|
||||||
|
uint16_t GlobalStreamIndex; // 12
|
||||||
|
uint16_t BuildNumber; // 14
|
||||||
|
uint16_t PublicStreamIndex; // 16
|
||||||
|
uint16_t PdbDllVersion; // 18
|
||||||
|
uint16_t SymRecordStream; // 20
|
||||||
|
uint16_t PdbDllRbld; // 22
|
||||||
|
int32_t ModInfoSize; // 24
|
||||||
|
int32_t SectionContributionSize; // 28
|
||||||
|
int32_t SectionMapSize; // 32
|
||||||
|
int32_t SourceInfoSize; // 36
|
||||||
|
int32_t TypeServerMapSize; // 40
|
||||||
|
uint32_t MFCTypeServerIndex; // 44
|
||||||
|
int32_t OptionalDbgHeaderSize; // 48
|
||||||
|
int32_t ECSubstreamSize; // 52
|
||||||
|
uint16_t Flags; // 56
|
||||||
|
uint16_t Machine; // 58
|
||||||
|
uint32_t Padding; // 60
|
||||||
|
};
|
||||||
|
"""
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def SymRecordStream(self):
|
||||||
|
stream_id = self.peek_u16(20)
|
||||||
|
return SymRecordStream(
|
||||||
|
self.msf,
|
||||||
|
self.msf.StreamDirectory.StreamSize(stream_id),
|
||||||
|
self.msf.StreamDirectory.StreamBlocks(stream_id),
|
||||||
|
)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def ModInfoSize(self):
|
||||||
|
return self.peek_u32(24)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def SectionContributionSize(self):
|
||||||
|
return self.peek_u32(28)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def SectionMapSize(self):
|
||||||
|
return self.peek_u32(32)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def SourceInfoSize(self):
|
||||||
|
return self.peek_u32(36)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def TypeServerMapSize(self):
|
||||||
|
return self.peek_u32(40)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def OptionalDbgHeaderSize(self):
|
||||||
|
return self.peek_u32(48)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def ECSubstreamSize(self):
|
||||||
|
return self.peek_u32(52)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def SectionHeadersStream(self):
|
||||||
|
"""
|
||||||
|
See https://llvm.org/docs/PDB/DbiStream.html#optional-debug-header-stream
|
||||||
|
"""
|
||||||
|
if self.OptionalDbgHeaderSize // 2 < 6:
|
||||||
|
raise ValueError("OptionalDbgHeader not present or does not contain Section Header Data")
|
||||||
|
stream_id = self.peek_u16(
|
||||||
|
64 # DBI Header size
|
||||||
|
+ self.ModInfoSize
|
||||||
|
+ self.SectionContributionSize
|
||||||
|
+ self.SectionMapSize
|
||||||
|
+ self.SourceInfoSize
|
||||||
|
+ self.TypeServerMapSize
|
||||||
|
+ self.ECSubstreamSize
|
||||||
|
+ 0 # Optional Debug Header Stream starts here
|
||||||
|
+ 2 * 5 # uint16_t DbgStreamArray[5] contains the stream number of the section headers
|
||||||
|
)
|
||||||
|
return SectionHeaderStream(
|
||||||
|
self.msf, self.msf.StreamDirectory.StreamSize(stream_id), self.msf.StreamDirectory.StreamBlocks(stream_id)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class SectionHeaderStream(MsfStream):
|
||||||
|
"""
|
||||||
|
typedef struct _IMAGE_SECTION_HEADER {
|
||||||
|
BYTE Name[8];
|
||||||
|
union {
|
||||||
|
DWORD PhysicalAddress;
|
||||||
|
DWORD VirtualSize;
|
||||||
|
} Misc;
|
||||||
|
DWORD VirtualAddress;
|
||||||
|
DWORD SizeOfRawData;
|
||||||
|
DWORD PointerToRawData;
|
||||||
|
DWORD PointerToRelocations;
|
||||||
|
DWORD PointerToLinenumbers;
|
||||||
|
WORD NumberOfRelocations;
|
||||||
|
WORD NumberOfLinenumbers;
|
||||||
|
DWORD Characteristics;
|
||||||
|
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;
|
||||||
|
"""
|
||||||
|
|
||||||
|
class SectionHeader(object):
|
||||||
|
def __init__(self, data):
|
||||||
|
(
|
||||||
|
self.Name,
|
||||||
|
self.VirtualSize,
|
||||||
|
self.VirtualAddress,
|
||||||
|
self.SizeOfRawData,
|
||||||
|
self.PointerToRawData,
|
||||||
|
self.PointerToRelocations,
|
||||||
|
self.PointerToLinenumbers,
|
||||||
|
self.NumberOfRelocations,
|
||||||
|
self.NumberOfLinenumbers,
|
||||||
|
self.Characteristics,
|
||||||
|
) = unpack("8sIIIIIIHHI", data)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def NumberOfSections(self):
|
||||||
|
assert self.size % 40 == 0
|
||||||
|
return self.size // 40
|
||||||
|
|
||||||
|
def __iter__(self):
|
||||||
|
self.cursor = 0
|
||||||
|
return self
|
||||||
|
|
||||||
|
def __next__(self):
|
||||||
|
if self.cursor >= self.size:
|
||||||
|
raise StopIteration
|
||||||
|
return SectionHeaderStream.SectionHeader(self.read(40))
|
||||||
|
|
||||||
|
def __getitem__(self, section_index):
|
||||||
|
if section_index >= self.NumberOfSections:
|
||||||
|
raise ValueError(f"Section number {section_index} does not exist")
|
||||||
|
self.cursor = section_index * 40
|
||||||
|
return SectionHeaderStream.SectionHeader(self.read(40))
|
||||||
|
|
||||||
|
|
||||||
|
class TPIorIPStream(MsfStream):
|
||||||
|
"""
|
||||||
|
struct TpiStreamHeader {
|
||||||
|
uint32_t Version;
|
||||||
|
uint32_t HeaderSize;
|
||||||
|
uint32_t TypeIndexBegin;
|
||||||
|
uint32_t TypeIndexEnd;
|
||||||
|
uint32_t TypeRecordBytes;
|
||||||
|
|
||||||
|
uint16_t HashStreamIndex;
|
||||||
|
uint16_t HashAuxStreamIndex;
|
||||||
|
uint32_t HashKeySize;
|
||||||
|
uint32_t NumHashBuckets;
|
||||||
|
|
||||||
|
int32_t HashValueBufferOffset;
|
||||||
|
uint32_t HashValueBufferLength;
|
||||||
|
|
||||||
|
int32_t IndexOffsetBufferOffset;
|
||||||
|
uint32_t IndexOffsetBufferLength;
|
||||||
|
|
||||||
|
int32_t HashAdjBufferOffset;
|
||||||
|
uint32_t HashAdjBufferLength;
|
||||||
|
};
|
||||||
|
"""
|
||||||
|
|
||||||
|
REC_TYPES = {
|
||||||
|
0x1001: "LF_MODIFIER",
|
||||||
|
0x1002: "LF_POINTER",
|
||||||
|
0x1008: "LF_PROCEDURE",
|
||||||
|
0x1201: "LF_ARGLIST",
|
||||||
|
0x1203: "LF_FIELDLIST",
|
||||||
|
0x1205: "LF_BITFIELD",
|
||||||
|
0x1404: "LF_INDEX",
|
||||||
|
0x1502: "LF_ENUMERATE",
|
||||||
|
0x1503: "LF_ARRAY",
|
||||||
|
0x1505: "LF_STRUCTURE",
|
||||||
|
0x1506: "LF_UNION",
|
||||||
|
0x1507: "LF_ENUM",
|
||||||
|
0x150D: "LF_MEMBER",
|
||||||
|
0x1605: "LF_STRING_ID",
|
||||||
|
0x1606: "LF_UDT_SRC_LINE",
|
||||||
|
}
|
||||||
|
|
||||||
|
def __init__(self, msf, size, blocks):
|
||||||
|
MsfStream.__init__(self, msf, size, blocks)
|
||||||
|
self.filter = None
|
||||||
|
self.type_index = self.TypeIndexBegin
|
||||||
|
self.types = dict()
|
||||||
|
self.REC_TYPES_ids = {self.REC_TYPES[k]: k for k in self.REC_TYPES}
|
||||||
|
self.types_parsed = False
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def HeaderSize(self):
|
||||||
|
return self.u32(4)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def TypeIndexBegin(self):
|
||||||
|
return self.u32(8)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def TypeRecordBytes(self):
|
||||||
|
return self.u32(16)
|
||||||
|
|
||||||
|
def skip_padding(self):
|
||||||
|
b = self.u8()
|
||||||
|
self.cursor -= 1
|
||||||
|
if b in (0xF1, 0xF2, 0xF3):
|
||||||
|
padding_size = b & 0xF
|
||||||
|
# assert b"\xF3\xF2\xF1".endswith(self.read(padding_size))
|
||||||
|
self.cursor += padding_size
|
||||||
|
|
||||||
|
def unsigned(self):
|
||||||
|
leaf = self.u16()
|
||||||
|
if leaf < 0x8000:
|
||||||
|
return leaf
|
||||||
|
match leaf:
|
||||||
|
case 0x8000: # LF_CHAR
|
||||||
|
return self.u8()
|
||||||
|
case 0x8002: # LF_SHORT
|
||||||
|
return self.u16()
|
||||||
|
case 0x8003 | 0x8004: # LF_LONG |LF_ULONG
|
||||||
|
return self.u32()
|
||||||
|
case 0x800A: # LF_SHORT
|
||||||
|
return self.u64()
|
||||||
|
case _:
|
||||||
|
raise ValueError
|
||||||
|
|
||||||
|
def __iter__(self):
|
||||||
|
self.type_index = self.TypeIndexBegin
|
||||||
|
self.cursor = self.HeaderSize
|
||||||
|
return self
|
||||||
|
|
||||||
|
def __next__(self):
|
||||||
|
leaf_entry = None
|
||||||
|
while leaf_entry is None:
|
||||||
|
if self.cursor == self.size:
|
||||||
|
self.types_parsed = True
|
||||||
|
raise StopIteration
|
||||||
|
if self.size - self.cursor < 4:
|
||||||
|
raise ValueError
|
||||||
|
|
||||||
|
record_length = self.u16()
|
||||||
|
record_end = self.cursor + record_length
|
||||||
|
if self.size < record_end:
|
||||||
|
raise ValueError
|
||||||
|
|
||||||
|
if self.filter is not None and self.peek_u16() not in self.filter:
|
||||||
|
self.cursor = record_end
|
||||||
|
self.type_index += 1
|
||||||
|
continue
|
||||||
|
leaf_entry = self.parse_one_leaf_entry(record_end)
|
||||||
|
self.types[self.type_index] = leaf_entry
|
||||||
|
self.type_index += 1
|
||||||
|
|
||||||
|
if self.cursor > record_end:
|
||||||
|
raise ValueError
|
||||||
|
if self.cursor < record_end:
|
||||||
|
end = self.read(record_end - self.cursor)
|
||||||
|
if not b"\xf3\xf2\xf1".endswith(end):
|
||||||
|
raise ValueError(f"Unparsed data: {end} for record {leaf_entry}")
|
||||||
|
|
||||||
|
return leaf_entry
|
||||||
|
|
||||||
|
def parse_one_leaf_entry(self, record_end):
|
||||||
|
record_type = self.u16()
|
||||||
|
|
||||||
|
if record_type not in self.REC_TYPES:
|
||||||
|
raise ValueError(f"Record {hex(record_type)} not handled")
|
||||||
|
|
||||||
|
match self.REC_TYPES.get(record_type, "???"):
|
||||||
|
case "LF_MODIFIER":
|
||||||
|
utype = self.u32()
|
||||||
|
modifier = self.u16()
|
||||||
|
record = (utype, modifier)
|
||||||
|
case "LF_POINTER":
|
||||||
|
utype = self.u32()
|
||||||
|
attr = self.u32()
|
||||||
|
if ((attr >> 5) & 7) in (2, 3): # ptrmode == Member or MemberFunction
|
||||||
|
raise ValueError
|
||||||
|
record = (utype, attr)
|
||||||
|
case "LF_STRUCTURE":
|
||||||
|
count = self.u16()
|
||||||
|
properties = self.u16()
|
||||||
|
has_unique_name = (properties & 0x200) != 0
|
||||||
|
fields = self.u32()
|
||||||
|
derived_from = self.u32()
|
||||||
|
vtable_shape = self.u32()
|
||||||
|
size = self.unsigned()
|
||||||
|
name = self.cstring()
|
||||||
|
unique_name = self.cstring() if has_unique_name else None
|
||||||
|
record = (
|
||||||
|
count,
|
||||||
|
properties,
|
||||||
|
fields,
|
||||||
|
derived_from,
|
||||||
|
vtable_shape,
|
||||||
|
size,
|
||||||
|
name,
|
||||||
|
)
|
||||||
|
case "LF_FIELDLIST":
|
||||||
|
fields = list()
|
||||||
|
continuation = None
|
||||||
|
while self.cursor < record_end:
|
||||||
|
next_field = self.u16()
|
||||||
|
if self.REC_TYPES[next_field] == "LF_INDEX":
|
||||||
|
continuation = self.u32()
|
||||||
|
else:
|
||||||
|
self.cursor -= 2
|
||||||
|
fields.append(self.parse_one_leaf_entry(record_end))
|
||||||
|
self.skip_padding()
|
||||||
|
record = (fields, continuation)
|
||||||
|
case "LF_MEMBER":
|
||||||
|
attributes = self.u16()
|
||||||
|
field_type = self.u32()
|
||||||
|
offset = self.unsigned()
|
||||||
|
name = self.cstring()
|
||||||
|
record = (attributes, field_type, offset, name)
|
||||||
|
case "LF_ARGLIST":
|
||||||
|
count = self.u32()
|
||||||
|
arglist = [self.u32() for _ in range(count)]
|
||||||
|
record = arglist
|
||||||
|
case "LF_PROCEDURE":
|
||||||
|
return_type = self.u32()
|
||||||
|
attributes = self.u16()
|
||||||
|
parameter_count = self.u16()
|
||||||
|
argument_list = self.u32()
|
||||||
|
record = (return_type, attributes, parameter_count, argument_list)
|
||||||
|
case "LF_ARRAY":
|
||||||
|
element_type = self.u32()
|
||||||
|
indexing_type = self.u32()
|
||||||
|
size = self.unsigned()
|
||||||
|
pad = self.cstring()
|
||||||
|
assert pad == b""
|
||||||
|
record = (element_type, indexing_type, size)
|
||||||
|
case "LF_UNION":
|
||||||
|
count = self.u16()
|
||||||
|
properties = self.u16()
|
||||||
|
has_unique_name = (properties & 0x200) != 0
|
||||||
|
fields = self.u32()
|
||||||
|
size = self.unsigned()
|
||||||
|
name = self.cstring()
|
||||||
|
unique_name = self.cstring() if has_unique_name else None
|
||||||
|
record = (
|
||||||
|
count,
|
||||||
|
properties,
|
||||||
|
fields,
|
||||||
|
size,
|
||||||
|
name,
|
||||||
|
)
|
||||||
|
case "LF_ENUMERATE":
|
||||||
|
attributes = self.u16()
|
||||||
|
value = self.unsigned()
|
||||||
|
name = self.cstring()
|
||||||
|
record = (attributes, value, name)
|
||||||
|
case "LF_ENUM":
|
||||||
|
count = self.u16()
|
||||||
|
properties = self.u16()
|
||||||
|
has_unique_name = (properties & 0x200) != 0
|
||||||
|
underlying_type = self.u32()
|
||||||
|
fields = self.u32()
|
||||||
|
name = self.cstring()
|
||||||
|
unique_name = self.cstring() if has_unique_name else None
|
||||||
|
record = (
|
||||||
|
count,
|
||||||
|
properties,
|
||||||
|
underlying_type,
|
||||||
|
fields,
|
||||||
|
name,
|
||||||
|
)
|
||||||
|
case "LF_BITFIELD":
|
||||||
|
underlying_type = self.u32()
|
||||||
|
length = self.u8()
|
||||||
|
position = self.u8()
|
||||||
|
record = (underlying_type, length, position)
|
||||||
|
case _:
|
||||||
|
record = ()
|
||||||
|
raise ValueError(
|
||||||
|
f"Record {hex(record_type)} / {self.REC_TYPES.get(record_type, '???')} : not implemented"
|
||||||
|
)
|
||||||
|
|
||||||
|
return self.REC_TYPES[record_type], record
|
||||||
|
|
||||||
|
|
||||||
|
import io
|
||||||
|
|
||||||
|
|
||||||
|
class Msf(object):
|
||||||
|
def __init__(self, path=None, content=None):
|
||||||
|
if content is not None:
|
||||||
|
self.f = f = io.BytesIO(content)
|
||||||
|
else:
|
||||||
|
with open(path, "rb") as f_ondisk:
|
||||||
|
self.f = f = io.BytesIO(f_ondisk.read())
|
||||||
|
FileMagic = f.read(32)
|
||||||
|
assert FileMagic == b"Microsoft C/C++ MSF 7.00\r\n" + bytes.fromhex("1A 44 53 00 00 00")
|
||||||
|
self.BlockSize = blockSize = u32f(f)
|
||||||
|
self.FreeBlockMapBlock = u32f(f)
|
||||||
|
self.NumBlocks = u32f(f)
|
||||||
|
self.NumDirectoryBytes = u32f(f)
|
||||||
|
self.Unknown = u32f(f)
|
||||||
|
self.BlockMapAddr = u32f(f)
|
||||||
|
self.StreamDirectory = MsfStreamDirectory(self)
|
||||||
|
|
||||||
|
def __del__(self):
|
||||||
|
self.f.close()
|
||||||
|
|
||||||
|
@cache
|
||||||
|
def Stream(self, stream_number):
|
||||||
|
return MsfStream(
|
||||||
|
self,
|
||||||
|
self.StreamDirectory.StreamSize(stream_number),
|
||||||
|
self.StreamDirectory.StreamBlocks(stream_number),
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class Pdb(Msf):
|
||||||
|
@cached_property
|
||||||
|
def PDBStream(self):
|
||||||
|
return PdbInfoStream(
|
||||||
|
self,
|
||||||
|
self.StreamDirectory.StreamSize(1),
|
||||||
|
self.StreamDirectory.StreamBlocks(1),
|
||||||
|
)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def DBIStream(self):
|
||||||
|
return DBIStream(
|
||||||
|
self,
|
||||||
|
self.StreamDirectory.StreamSize(3),
|
||||||
|
self.StreamDirectory.StreamBlocks(3),
|
||||||
|
)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def TPIStream(self):
|
||||||
|
return TPIorIPStream(
|
||||||
|
self,
|
||||||
|
self.StreamDirectory.StreamSize(2),
|
||||||
|
self.StreamDirectory.StreamBlocks(2),
|
||||||
|
)
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def IPIStream(self):
|
||||||
|
return TPIorIPStream(
|
||||||
|
self,
|
||||||
|
self.StreamDirectory.StreamSize(4),
|
||||||
|
self.StreamDirectory.StreamBlocks(4),
|
||||||
|
)
|
||||||
|
|
||||||
|
def get_field_offset(self, structname, fieldname):
|
||||||
|
tpistream = self.TPIStream
|
||||||
|
if not tpistream.types_parsed:
|
||||||
|
save_filter = tpistream.filter
|
||||||
|
tpistream.filter = [
|
||||||
|
tpistream.REC_TYPES_ids["LF_FIELDLIST"],
|
||||||
|
tpistream.REC_TYPES_ids["LF_STRUCTURE"],
|
||||||
|
]
|
||||||
|
for _ in tpistream:
|
||||||
|
pass
|
||||||
|
tpistream.filter = save_filter
|
||||||
|
|
||||||
|
structname = structname.encode()
|
||||||
|
for struct_id, t in tpistream.types.items():
|
||||||
|
if t[0] == "LF_STRUCTURE":
|
||||||
|
if t[1][2] != 0 and t[1][6] == structname:
|
||||||
|
break
|
||||||
|
else:
|
||||||
|
raise ValueError(f"Structure {structname} not found in PDB")
|
||||||
|
fieldlist_id = t[1][2]
|
||||||
|
fieldlist = tpistream.types[fieldlist_id][1][0]
|
||||||
|
fieldname = fieldname.encode()
|
||||||
|
for field in fieldlist:
|
||||||
|
if fieldname == field[1][3]:
|
||||||
|
break
|
||||||
|
else:
|
||||||
|
raise ValueError(f"Field {fieldname} not found in structure {structname}")
|
||||||
|
field_offset = field[1][2]
|
||||||
|
return field_offset
|
||||||
|
|
||||||
|
def get_symbol_offset(self, symbol: str) -> int:
|
||||||
|
offset, segment = self.DBIStream.SymRecordStream.search_and_cache_symbols(symbol)
|
||||||
|
if offset == segment == None:
|
||||||
|
return None
|
||||||
|
section_virtual_address = self.DBIStream.SectionHeadersStream[segment - 1].VirtualAddress
|
||||||
|
return section_virtual_address + offset
|
||||||
Reference in New Issue
Block a user