Computer Active Guide 2009 February

home *** CD-ROM | disk | FTP | other *** search
/ Computer Active Guide 2009 February / UG2.ISO / Programos / OutpostSecuritySuiteProInstall_samag.exe / {code_GetUserTempDir} / ssi / SandBox.sys / INIT < prev next >
Unknown | 2008-12-24 | 3.6 KB
open in:
MacOS 8.1 |
Win98 |
DOS
view JSON data |
view as text

This file was not able to be converted.
This format is not currently supported by dexvert.
Confidence	Program	Detection	Match Type	Support
`100%`	file	data	default
hex view
+--------+-------------------------+-------------------------+--------+--------+
|00000000| 2c 10 0a 00 00 00 00 00 | 00 00 00 00 fa 1d 0a 00 |,.......|........|
|00000010| b0 02 00 00 1c 10 0a 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000020| 52 1e 0a 00 a0 02 00 00 | 00 00 00 00 00 00 00 00 |R.......|........|
|00000030| 00 00 00 00 00 00 00 00 | 00 00 00 00 28 1e 0a 00 |........|....(...|
|00000040| 14 1e 0a 00 44 1e 0a 00 | 00 00 00 00 ca 12 0a 00 |....D...|........|
|00000050| da 12 0a 00 f8 12 0a 00 | 08 13 0a 00 18 13 0a 00 |........|........|
|00000060| 26 13 0a 00 3e 13 0a 00 | 48 13 0a 00 60 13 0a 00 |&...>...|H...`...|
|00000070| 6e 13 0a 00 86 13 0a 00 | 9e 13 0a 00 ae 13 0a 00 |n.......|........|
|00000080| c6 13 0a 00 e4 13 0a 00 | f0 13 0a 00 fe 13 0a 00 |........|........|
|00000090| 0c 14 0a 00 1e 14 0a 00 | 34 14 0a 00 3e 14 0a 00 |........|4...>...|
|000000a0| 4c 14 0a 00 5e 14 0a 00 | 6e 14 0a 00 7e 14 0a 00 |L...^...|n...~...|
|000000b0| 8a 14 0a 00 9e 14 0a 00 | b6 14 0a 00 c6 14 0a 00 |........|........|
|000000c0| e0 14 0a 00 f0 14 0a 00 | 02 15 0a 00 12 15 0a 00 |........|........|
|000000d0| 22 15 0a 00 38 15 0a 00 | 4e 15 0a 00 68 15 0a 00 |"...8...|N...h...|
|000000e0| 72 15 0a 00 7c 15 0a 00 | 88 15 0a 00 a2 15 0a 00 |r...|...|........|
|000000f0| bc 15 0a 00 d2 15 0a 00 | e0 15 0a 00 f2 15 0a 00 |........|........|
|00000100| 0a 16 0a 00 2e 16 0a 00 | 4c 16 0a 00 64 16 0a 00 |........|L...d...|
|00000110| 78 16 0a 00 9a 16 0a 00 | ac 16 0a 00 c4 16 0a 00 |x.......|........|
|00000120| dc 16 0a 00 f6 16 0a 00 | 06 17 0a 00 1a 17 0a 00 |........|........|
|00000130| 34 17 0a 00 4c 17 0a 00 | 5a 17 0a 00 66 17 0a 00 |4...L...|Z...f...|
|00000140| 7e 17 0a 00 8c 17 0a 00 | a0 17 0a 00 b6 17 0a 00 |~.......|........|
|00000150| ca 17 0a 00 de 17 0a 00 | fa 17 0a 00 0c 18 0a 00 |........|........|
|00000160| 24 18 0a 00 b6 12 0a 00 | 4a 18 0a 00 5e 18 0a 00 |$.......|J...^...|
|00000170| 74 18 0a 00 90 18 0a 00 | ae 18 0a 00 c6 18 0a 00 |t.......|........|
|00000180| e2 18 0a 00 f6 18 0a 00 | 0e 19 0a 00 1e 19 0a 00 |........|........|
|00000190| 2e 19 0a 00 4c 19 0a 00 | 66 19 0a 00 7a 19 0a 00 |....L...|f...z...|
|000001a0| 92 19 0a 00 9c 19 0a 00 | b6 19 0a 00 d6 19 0a 00 |........|........|
|000001b0| f6 19 0a 00 10 1a 0a 00 | 20 1a 0a 00 3c 1a 0a 00 |........| ...<...|
|000001c0| 46 1a 0a 00 62 1a 0a 00 | 7e 1a 0a 00 92 1a 0a 00 |F...b...|~.......|
|000001d0| ac 1a 0a 00 bc 1a 0a 00 | cc 1a 0a 00 d8 1a 0a 00 |........|........|
|000001e0| e4 1a 0a 00 f4 1a 0a 00 | 0a 1b 0a 00 1e 1b 0a 00 |........|........|
|000001f0| 3a 1b 0a 00 4e 1b 0a 00 | 62 1b 0a 00 6c 1b 0a 00 |:...N...|b...l...|
|00000200| 78 1b 0a 00 8c 1b 0a 00 | a8 1b 0a 00 b4 1b 0a 00 |x.......|........|
|00000210| cc 1b 0a 00 e2 1b 0a 00 | fe 1b 0a 00 18 1c 0a 00 |........|........|
|00000220| 2c 1c 0a 00 3e 1c 0a 00 | 50 1c 0a 00 68 1c 0a 00 |,...>...|P...h...|
|00000230| 7e 1c 0a 00 94 1c 0a 00 | a4 1c 0a 00 be 1c 0a 00 |~.......|........|
|00000240| da 1c 0a 00 f2 1c 0a 00 | 00 1d 0a 00 10 1d 0a 00 |........|........|
|00000250| 20 1d 0a 00 34 1d 0a 00 | 4a 1d 0a 00 64 1d 0a 00 | ...4...|J...d...|
|00000260| 7a 1d 0a 00 94 1d 0a 00 | a6 1d 0a 00 b6 1d 0a 00 |z.......|........|
|00000270| d4 1d 0a 00 e2 1d 0a 00 | ee 1d 0a 00 08 1e 0a 00 |........|........|
|00000280| 9e 12 0a 00 86 12 0a 00 | 36 18 0a 00 74 12 0a 00 |........|6...t...|
|00000290| 00 00 00 00 62 03 5a 77 | 43 72 65 61 74 65 53 65 |....b.Zw|CreateSe|
|000002a0| 63 74 69 6f 6e 00 d6 00 | 49 6e 74 65 72 6c 6f 63 |ction...|Interloc|
|000002b0| 6b 65 64 44 65 63 72 65 | 6d 65 6e 74 00 00 d9 00 |kedDecre|ment....|
|000002c0| 49 6e 74 65 72 6c 6f 63 | 6b 65 64 49 6e 63 72 65 |Interloc|kedIncre|
|000002d0| 6d 65 6e 74 00 00 45 00 | 45 78 47 65 74 50 72 65 |ment..E.|ExGetPre|
|000002e0| 76 69 6f 75 73 4d 6f 64 | 65 00 7c 03 5a 77 4f 70 |viousMod|e.|.ZwOp|
|000002f0| 65 6e 53 65 63 74 69 6f | 6e 00 ec 02 52 74 6c 4e |enSectio|n...RtlN|
|00000300| 74 53 74 61 74 75 73 54 | 6f 44 6f 73 45 72 72 6f |tStatusT|oDosErro|
|00000310| 72 4e 6f 54 65 62 00 00 | 60 03 5a 77 43 72 65 61 |rNoTeb..|`.ZwCrea|
|00000320| 74 65 46 69 6c 65 00 00 | f4 00 49 6f 43 72 65 61 |teFile..|..IoCrea|
|00000330| 74 65 46 69 6c 65 00 00 | 78 03 5a 77 4f 70 65 6e |teFile..|x.ZwOpen|
|00000340| 46 69 6c 65 00 00 44 02 | 4f 62 66 44 65 72 65 66 |File..D.|ObfDeref|
|00000350| 65 72 65 6e 63 65 4f 62 | 6a 65 63 74 00 00 5b 03 |erenceOb|ject..[.|
|00000360| 5a 77 43 6c 6f 73 65 00 | a1 03 5a 77 57 61 69 74 |ZwClose.|..ZwWait|
|00000370| 46 6f 72 53 69 6e 67 6c | 65 4f 62 6a 65 63 74 00 |ForSingl|eObject.|
|00000380| 94 03 5a 77 53 65 74 45 | 76 65 6e 74 00 00 82 03 |..ZwSetE|vent....|
|00000390| 5a 77 51 75 65 72 79 44 | 69 72 65 63 74 6f 72 79 |ZwQueryD|irectory|
|000003a0| 46 69 6c 65 00 00 95 03 | 5a 77 53 65 74 49 6e 66 |File....|ZwSetInf|
|000003b0| 6f 72 6d 61 74 69 6f 6e | 46 69 6c 65 00 00 64 03 |ormation|File..d.|
|000003c0| 5a 77 44 65 6c 65 74 65 | 46 69 6c 65 00 00 73 03 |ZwDelete|File..s.|
|000003d0| 5a 77 4d 61 6b 65 54 65 | 6d 70 6f 72 61 72 79 4f |ZwMakeTe|mporaryO|
|000003e0| 62 6a 65 63 74 00 63 03 | 5a 77 43 72 65 61 74 65 |bject.c.|ZwCreate|
|000003f0| 53 79 6d 62 6f 6c 69 63 | 4c 69 6e 6b 4f 62 6a 65 |Symbolic|LinkObje|
|00000400| 63 74 00 00 79 03 5a 77 | 4f 70 65 6e 4b 65 79 00 |ct..y.Zw|OpenKey.|
|00000410| 61 03 5a 77 43 72 65 61 | 74 65 4b 65 79 00 65 03 |a.ZwCrea|teKey.e.|
|00000420| 5a 77 44 65 6c 65 74 65 | 4b 65 79 00 6b 03 5a 77 |ZwDelete|Key.k.Zw|
|00000430| 45 6e 75 6d 65 72 61 74 | 65 4b 65 79 00 00 6c 03 |Enumerat|eKey..l.|
|00000440| 5a 77 45 6e 75 6d 65 72 | 61 74 65 56 61 6c 75 65 |ZwEnumer|ateValue|
|00000450| 4b 65 79 00 cf 03 6d 65 | 6d 73 65 74 00 00 86 03 |Key...me|mset....|
|00000460| 5a 77 51 75 65 72 79 4b | 65 79 00 00 8c 03 5a 77 |ZwQueryK|ey....Zw|
|00000470| 51 75 65 72 79 56 61 6c | 75 65 4b 65 79 00 9b 03 |QueryVal|ueKey...|
|00000480| 5a 77 53 65 74 56 61 6c | 75 65 4b 65 79 00 8f 03 |ZwSetVal|ueKey...|
|00000490| 5a 77 52 65 70 6c 61 63 | 65 4b 65 79 00 00 92 03 |ZwReplac|eKey....|
|000004a0| 5a 77 53 61 76 65 4b 65 | 79 00 66 03 5a 77 44 65 |ZwSaveKe|y.f.ZwDe|
|000004b0| 6c 65 74 65 56 61 6c 75 | 65 4b 65 79 00 00 29 02 |leteValu|eKey..).|
|000004c0| 4e 74 53 65 74 49 6e 66 | 6f 72 6d 61 74 69 6f 6e |NtSetInf|ormation|
|000004d0| 46 69 6c 65 00 00 07 02 | 4e 74 42 75 69 6c 64 4e |File....|NtBuildN|
|000004e0| 75 6d 62 65 72 00 99 03 | 5a 77 53 65 74 53 79 73 |umber...|ZwSetSys|
|000004f0| 74 65 6d 49 6e 66 6f 72 | 6d 61 74 69 6f 6e 00 00 |temInfor|mation..|
|00000500| 71 03 5a 77 4c 6f 61 64 | 44 72 69 76 65 72 00 00 |q.ZwLoad|Driver..|
|00000510| 9d 03 5a 77 55 6e 6c 6f | 61 64 44 72 69 76 65 72 |..ZwUnlo|adDriver|
|00000520| 00 00 7e 03 5a 77 4f 70 | 65 6e 54 68 72 65 61 64 |..~.ZwOp|enThread|
|00000530| 00 00 7a 03 5a 77 4f 70 | 65 6e 50 72 6f 63 65 73 |..z.ZwOp|enProces|
|00000540| 73 00 0c 01 49 6f 47 65 | 74 43 75 72 72 65 6e 74 |s...IoGe|tCurrent|
|00000550| 50 72 6f 63 65 73 73 00 | 9c 03 5a 77 54 65 72 6d |Process.|..ZwTerm|
|00000560| 69 6e 61 74 65 50 72 6f | 63 65 73 73 00 00 90 03 |inatePro|cess....|
|00000570| 5a 77 52 65 71 75 65 73 | 74 57 61 69 74 52 65 70 |ZwReques|tWaitRep|
|00000580| 6c 79 50 6f 72 74 00 00 | cd 03 6d 65 6d 63 70 79 |lyPort..|..memcpy|
|00000590| 00 00 a8 03 5f 61 6c 6c | 73 68 6c 00 ac 03 5f 61 |...._all|shl..._a|
|000005a0| 75 6c 6c 73 68 72 00 00 | 57 01 4b 65 44 65 6c 61 |ullshr..|W.KeDela|
|000005b0| 79 45 78 65 63 75 74 69 | 6f 6e 54 68 72 65 61 64 |yExecuti|onThread|
|000005c0| 00 00 35 03 53 65 43 72 | 65 61 74 65 43 6c 69 65 |..5.SeCr|eateClie|
|000005d0| 6e 74 53 65 63 75 72 69 | 74 79 00 00 60 01 4b 65 |ntSecuri|ty..`.Ke|
|000005e0| 47 65 74 43 75 72 72 65 | 6e 74 54 68 72 65 61 64 |GetCurre|ntThread|
|000005f0| 00 00 4d 03 53 65 54 6f | 6b 65 6e 54 79 70 65 00 |..M.SeTo|kenType.|
|00000600| fb 00 49 6f 44 65 6c 65 | 74 65 44 65 76 69 63 65 |..IoDele|teDevice|
|00000610| 00 00 fc 00 49 6f 44 65 | 6c 65 74 65 53 79 6d 62 |....IoDe|leteSymb|
|00000620| 6f 6c 69 63 4c 69 6e 6b | 00 00 3e 01 49 6f 55 6e |olicLink|..>.IoUn|
|00000630| 72 65 67 69 73 74 65 72 | 53 68 75 74 64 6f 77 6e |register|Shutdown|
|00000640| 4e 6f 74 69 66 69 63 61 | 74 69 6f 6e 00 00 d5 00 |Notifica|tion....|
|00000650| 49 6e 74 65 72 6c 6f 63 | 6b 65 64 43 6f 6d 70 61 |Interloc|kedCompa|
|00000660| 72 65 45 78 63 68 61 6e | 67 65 00 00 51 02 50 73 |reExchan|ge..Q.Ps|
|00000670| 43 72 65 61 74 65 53 79 | 73 74 65 6d 54 68 72 65 |CreateSy|stemThre|
|00000680| 61 64 00 00 70 01 4b 65 | 49 6e 69 74 69 61 6c 69 |ad..p.Ke|Initiali|
|00000690| 7a 65 45 76 65 6e 74 00 | f9 00 49 6f 43 72 65 61 |zeEvent.|..IoCrea|
|000006a0| 74 65 55 6e 70 72 6f 74 | 65 63 74 65 64 53 79 6d |teUnprot|ectedSym|
|000006b0| 62 6f 6c 69 63 4c 69 6e | 6b 00 f3 00 49 6f 43 72 |bolicLin|k...IoCr|
|000006c0| 65 61 74 65 44 65 76 69 | 63 65 00 00 d0 02 52 74 |eateDevi|ce....Rt|
|000006d0| 6c 49 6e 69 74 55 6e 69 | 63 6f 64 65 53 74 72 69 |lInitUni|codeStri|
|000006e0| 6e 67 00 00 92 02 52 74 | 6c 43 6f 70 79 55 6e 69 |ng....Rt|lCopyUni|
|000006f0| 63 6f 64 65 53 74 72 69 | 6e 67 00 00 67 02 50 73 |codeStri|ng..g.Ps|
|00000700| 54 65 72 6d 69 6e 61 74 | 65 53 79 73 74 65 6d 54 |Terminat|eSystemT|
|00000710| 68 72 65 61 64 00 54 01 | 4b 65 43 6c 65 61 72 45 |hread.T.|KeClearE|
|00000720| 76 65 6e 74 00 00 8a 01 | 4b 65 52 65 61 64 53 74 |vent....|KeReadSt|
|00000730| 61 74 65 45 76 65 6e 74 | 00 00 d8 00 49 6e 74 65 |ateEvent|....Inte|
|00000740| 72 6c 6f 63 6b 65 64 45 | 78 63 68 61 6e 67 65 41 |rlockedE|xchangeA|
|00000750| 64 64 00 00 36 00 45 78 | 41 6c 6c 6f 63 61 74 65 |dd..6.Ex|Allocate|
|00000760| 50 6f 6f 6c 57 69 74 68 | 54 61 67 00 42 00 45 78 |PoolWith|Tag.B.Ex|
|00000770| 46 72 65 65 50 6f 6f 6c | 00 00 b6 03 5f 73 74 72 |FreePool|...._str|
|00000780| 6e 69 63 6d 70 00 b8 01 | 4b 65 57 61 69 74 46 6f |nicmp...|KeWaitFo|
|00000790| 72 53 69 6e 67 6c 65 4f | 62 6a 65 63 74 00 a2 01 |rSingleO|bject...|
|000007a0| 4b 65 53 65 74 45 76 65 | 6e 74 00 00 86 01 4b 65 |KeSetEve|nt....Ke|
|000007b0| 51 75 65 72 79 53 79 73 | 74 65 6d 54 69 6d 65 00 |QuerySys|temTime.|
|000007c0| 45 01 49 6f 66 43 6f 6d | 70 6c 65 74 65 52 65 71 |E.IofCom|pleteReq|
|000007d0| 75 65 73 74 00 00 18 01 | 49 6f 49 73 53 79 73 74 |uest....|IoIsSyst|
|000007e0| 65 6d 54 68 72 65 61 64 | 00 00 3b 01 49 6f 54 68 |emThread|..;.IoTh|
|000007f0| 72 65 61 64 54 6f 50 72 | 6f 63 65 73 73 00 20 02 |readToPr|ocess. .|
|00000800| 4e 74 51 75 65 72 79 49 | 6e 66 6f 72 6d 61 74 69 |NtQueryI|nformati|
|00000810| 6f 6e 50 72 6f 63 65 73 | 73 00 59 01 4b 65 44 65 |onProces|s.Y.KeDe|
|00000820| 74 61 63 68 50 72 6f 63 | 65 73 73 00 56 02 50 73 |tachProc|ess.V.Ps|
|00000830| 47 65 74 50 72 6f 63 65 | 73 73 45 78 69 74 54 69 |GetProce|ssExitTi|
|00000840| 6d 65 00 00 4f 01 4b 65 | 41 74 74 61 63 68 50 72 |me..O.Ke|AttachPr|
|00000850| 6f 63 65 73 73 00 7f 01 | 4b 65 49 73 45 78 65 63 |ocess...|KeIsExec|
|00000860| 75 74 69 6e 67 44 70 63 | 00 00 3d 02 4f 62 51 75 |utingDpc|..=.ObQu|
|00000870| 65 72 79 4e 61 6d 65 53 | 74 72 69 6e 67 00 f0 01 |eryNameS|tring...|
|00000880| 4d 6d 53 65 63 74 69 6f | 6e 4f 62 6a 65 63 74 54 |MmSectio|nObjectT|
|00000890| 79 70 65 00 3f 02 4f 62 | 52 65 66 65 72 65 6e 63 |ype.?.Ob|Referenc|
|000008a0| 65 4f 62 6a 65 63 74 42 | 79 48 61 6e 64 6c 65 00 |eObjectB|yHandle.|
|000008b0| 5b 02 50 73 4c 6f 6f 6b | 75 70 50 72 6f 63 65 73 |[.PsLook|upProces|
|000008c0| 73 42 79 50 72 6f 63 65 | 73 73 49 64 00 00 5a 02 |sByProce|ssId..Z.|
|000008d0| 50 73 49 73 54 68 72 65 | 61 64 54 65 72 6d 69 6e |PsIsThre|adTermin|
|000008e0| 61 74 69 6e 67 00 5d 02 | 50 73 4c 6f 6f 6b 75 70 |ating.].|PsLookup|
|000008f0| 54 68 72 65 61 64 42 79 | 54 68 72 65 61 64 49 64 |ThreadBy|ThreadId|
|00000900| 00 00 df 01 4d 6d 49 73 | 41 64 64 72 65 73 73 56 |....MmIs|AddressV|
|00000910| 61 6c 69 64 00 00 eb 02 | 52 74 6c 4e 74 53 74 61 |alid....|RtlNtSta|
|00000920| 74 75 73 54 6f 44 6f 73 | 45 72 72 6f 72 00 5e 02 |tusToDos|Error.^.|
|00000930| 50 73 50 72 6f 63 65 73 | 73 54 79 70 65 00 68 02 |PsProces|sType.h.|
|00000940| 50 73 54 68 72 65 61 64 | 54 79 70 65 00 00 41 02 |PsThread|Type..A.|
|00000950| 4f 62 52 65 66 65 72 65 | 6e 63 65 4f 62 6a 65 63 |ObRefere|nceObjec|
|00000960| 74 42 79 50 6f 69 6e 74 | 65 72 00 00 40 02 4f 62 |tByPoint|er..@.Ob|
|00000970| 52 65 66 65 72 65 6e 63 | 65 4f 62 6a 65 63 74 42 |Referenc|eObjectB|
|00000980| 79 4e 61 6d 65 00 05 01 | 49 6f 46 69 6c 65 4f 62 |yName...|IoFileOb|
|00000990| 6a 65 63 74 54 79 70 65 | 00 00 54 02 50 73 47 65 |jectType|..T.PsGe|
|000009a0| 74 43 75 72 72 65 6e 74 | 50 72 6f 63 65 73 73 49 |tCurrent|ProcessI|
|000009b0| 64 00 db 03 73 74 72 6e | 63 70 79 00 d9 02 52 74 |d...strn|cpy...Rt|
|000009c0| 6c 49 73 4e 61 6d 65 4c | 65 67 61 6c 44 4f 53 38 |lIsNameL|egalDOS8|
|000009d0| 44 6f 74 33 00 00 77 02 | 52 74 6c 41 6e 73 69 53 |Dot3..w.|RtlAnsiS|
|000009e0| 74 72 69 6e 67 54 6f 55 | 6e 69 63 6f 64 65 53 74 |tringToU|nicodeSt|
|000009f0| 72 69 6e 67 00 00 0f 03 | 52 74 6c 55 6e 69 63 6f |ring....|RtlUnico|
|00000a00| 64 65 53 74 72 69 6e 67 | 54 6f 41 6e 73 69 53 74 |deString|ToAnsiSt|
|00000a10| 72 69 6e 67 00 00 1a 03 | 52 74 6c 55 70 63 61 73 |ring....|RtlUpcas|
|00000a20| 65 55 6e 69 63 6f 64 65 | 53 74 72 69 6e 67 00 00 |eUnicode|String..|
|00000a30| 87 03 5a 77 51 75 65 72 | 79 4f 62 6a 65 63 74 00 |..ZwQuer|yObject.|
|00000a40| 0d 01 49 6f 47 65 74 44 | 65 76 69 63 65 4f 62 6a |..IoGetD|eviceObj|
|00000a50| 65 63 74 50 6f 69 6e 74 | 65 72 00 00 e6 03 77 63 |ectPoint|er....wc|
|00000a60| 73 63 68 72 00 00 8a 03 | 5a 77 51 75 65 72 79 53 |schr....|ZwQueryS|
|00000a70| 79 6d 62 6f 6c 69 63 4c | 69 6e 6b 4f 62 6a 65 63 |ymbolicL|inkObjec|
|00000a80| 74 00 7d 03 5a 77 4f 70 | 65 6e 53 79 6d 62 6f 6c |t.}.ZwOp|enSymbol|
|00000a90| 69 63 4c 69 6e 6b 4f 62 | 6a 65 63 74 00 00 e6 02 |icLinkOb|ject....|
|00000aa0| 52 74 6c 4d 61 70 47 65 | 6e 65 72 69 63 4d 61 73 |RtlMapGe|nericMas|
|00000ab0| 6b 00 1e 01 49 6f 51 75 | 65 72 79 46 69 6c 65 49 |k...IoQu|eryFileI|
|00000ac0| 6e 66 6f 72 6d 61 74 69 | 6f 6e 00 00 44 01 49 6f |nformati|on..D.Io|
|00000ad0| 66 43 61 6c 6c 44 72 69 | 76 65 72 00 e0 00 49 6f |fCallDri|ver...Io|
|00000ae0| 41 6c 6c 6f 63 61 74 65 | 49 72 70 00 07 01 49 6f |Allocate|Irp...Io|
|00000af0| 46 72 65 65 49 72 70 00 | 08 01 49 6f 46 72 65 65 |FreeIrp.|..IoFree|
|00000b00| 4d 64 6c 00 f6 01 4d 6d | 55 6e 6c 6f 63 6b 50 61 |Mdl...Mm|UnlockPa|
|00000b10| 67 65 73 00 f8 01 4d 6d | 55 6e 6d 61 70 4c 6f 63 |ges...Mm|UnmapLoc|
|00000b20| 6b 65 64 50 61 67 65 73 | 00 00 e7 01 4d 6d 4d 61 |kedPages|....MmMa|
|00000b30| 70 4c 6f 63 6b 65 64 50 | 61 67 65 73 00 00 11 01 |pLockedP|ages....|
|00000b40| 49 6f 47 65 74 52 65 6c | 61 74 65 64 44 65 76 69 |IoGetRel|atedDevi|
|00000b50| 63 65 4f 62 6a 65 63 74 | 00 00 30 01 49 6f 53 65 |ceObject|..0.IoSe|
|00000b60| 74 49 6e 66 6f 72 6d 61 | 74 69 6f 6e 00 00 40 00 |tInforma|tion..@.|
|00000b70| 45 78 45 76 65 6e 74 4f | 62 6a 65 63 74 54 79 70 |ExEventO|bjectTyp|
|00000b80| 65 00 a6 03 5f 61 6c 6c | 6d 75 6c 00 aa 03 5f 61 |e..._all|mul..._a|
|00000b90| 75 6c 6c 64 69 76 00 00 | cc 02 52 74 6c 49 6d 61 |ulldiv..|..RtlIma|
|00000ba0| 67 65 4e 74 48 65 61 64 | 65 72 00 00 8b 03 5a 77 |geNtHead|er....Zw|
|00000bb0| 51 75 65 72 79 53 79 73 | 74 65 6d 49 6e 66 6f 72 |QuerySys|temInfor|
|00000bc0| 6d 61 74 69 6f 6e 00 00 | b4 03 5f 73 74 72 69 63 |mation..|.._stric|
|00000bd0| 6d 70 00 00 9f 03 5a 77 | 55 6e 6d 61 70 56 69 65 |mp....Zw|UnmapVie|
|00000be0| 77 4f 66 53 65 63 74 69 | 6f 6e 00 00 74 03 5a 77 |wOfSecti|on..t.Zw|
|00000bf0| 4d 61 70 56 69 65 77 4f | 66 53 65 63 74 69 6f 6e |MapViewO|fSection|
|00000c00| 00 00 9e 01 4b 65 53 65 | 72 76 69 63 65 44 65 73 |....KeSe|rviceDes|
|00000c10| 63 72 69 70 74 6f 72 54 | 61 62 6c 65 00 00 4e 01 |criptorT|able..N.|
|00000c20| 4b 65 41 64 64 53 79 73 | 74 65 6d 53 65 72 76 69 |KeAddSys|temServi|
|00000c30| 63 65 54 61 62 6c 65 00 | 7d 01 4b 65 49 6e 73 65 |ceTable.|}.KeInse|
|00000c40| 72 74 51 75 65 75 65 41 | 70 63 00 00 6d 01 4b 65 |rtQueueA|pc..m.Ke|
|00000c50| 49 6e 69 74 69 61 6c 69 | 7a 65 41 70 63 00 d6 01 |Initiali|zeApc...|
|00000c60| 4d 6d 43 72 65 61 74 65 | 53 65 63 74 69 6f 6e 00 |MmCreate|Section.|
|00000c70| fb 01 4d 6d 55 6e 6d 61 | 70 56 69 65 77 4f 66 53 |..MmUnma|pViewOfS|
|00000c80| 65 63 74 69 6f 6e 00 00 | eb 01 4d 6d 4d 61 70 56 |ection..|..MmMapV|
|00000c90| 69 65 77 4f 66 53 65 63 | 74 69 6f 6e 00 00 82 01 |iewOfSec|tion....|
|00000ca0| 4b 65 4e 75 6d 62 65 72 | 50 72 6f 63 65 73 73 6f |KeNumber|Processo|
|00000cb0| 72 73 00 00 57 02 50 73 | 47 65 74 56 65 72 73 69 |rs..W.Ps|GetVersi|
|00000cc0| 6f 6e 00 00 f8 02 52 74 | 6c 51 75 65 72 79 52 65 |on....Rt|lQueryRe|
|00000cd0| 67 69 73 74 72 79 56 61 | 6c 75 65 73 00 00 7b 02 |gistryVa|lues..{.|
|00000ce0| 52 74 6c 41 70 70 65 6e | 64 55 6e 69 63 6f 64 65 |RtlAppen|dUnicode|
|00000cf0| 54 6f 53 74 72 69 6e 67 | 00 00 25 03 52 74 6c 57 |ToString|..%.RtlW|
|00000d00| 72 69 74 65 52 65 67 69 | 73 74 72 79 56 61 6c 75 |riteRegi|stryValu|
|00000d10| 65 00 b3 03 5f 73 6e 77 | 70 72 69 6e 74 66 00 00 |e..._snw|printf..|
|00000d20| 52 01 4b 65 42 75 67 43 | 68 65 63 6b 45 78 00 00 |R.KeBugC|heckEx..|
|00000d30| 27 00 44 62 67 42 72 65 | 61 6b 50 6f 69 6e 74 00 |'.DbgBre|akPoint.|
|00000d40| 86 02 52 74 6c 43 6f 6d | 70 61 72 65 4d 65 6d 6f |..RtlCom|pareMemo|
|00000d50| 72 79 00 00 0d 03 52 74 | 6c 54 69 6d 65 54 6f 54 |ry....Rt|lTimeToT|
|00000d60| 69 6d 65 46 69 65 6c 64 | 73 00 70 00 45 78 53 79 |imeField|s.p.ExSy|
|00000d70| 73 74 65 6d 54 69 6d 65 | 54 6f 4c 6f 63 61 6c 54 |stemTime|ToLocalT|
|00000d80| 69 6d 65 00 d7 00 49 6e | 74 65 72 6c 6f 63 6b 65 |ime...In|terlocke|
|00000d90| 64 45 78 63 68 61 6e 67 | 65 00 83 03 5a 77 51 75 |dExchang|e...ZwQu|
|00000da0| 65 72 79 49 6e 66 6f 72 | 6d 61 74 69 6f 6e 46 69 |eryInfor|mationFi|
|00000db0| 6c 65 00 00 f7 01 4d 6d | 55 6e 6d 61 70 49 6f 53 |le....Mm|UnmapIoS|
|00000dc0| 70 61 63 65 00 00 e6 01 | 4d 6d 4d 61 70 49 6f 53 |pace....|MmMapIoS|
|00000dd0| 70 61 63 65 00 00 a7 02 | 52 74 6c 45 6e 6c 61 72 |pace....|RtlEnlar|
|00000de0| 67 65 64 49 6e 74 65 67 | 65 72 4d 75 6c 74 69 70 |gedInteg|erMultip|
|00000df0| 6c 79 00 00 8e 03 5a 77 | 52 65 61 64 46 69 6c 65 |ly....Zw|ReadFile|
|00000e00| 00 00 2a 00 44 62 67 50 | 72 69 6e 74 00 00 ab 03 |..*.DbgP|rint....|
|00000e10| 5f 61 75 6c 6c 72 65 6d | 00 00 6e 74 6f 73 6b 72 |_aullrem|..ntoskr|
|00000e20| 6e 6c 2e 65 78 65 00 00 | 18 03 52 74 6c 55 6e 77 |nl.exe..|..RtlUnw|
|00000e30| 69 6e 64 00 42 00 4b 65 | 47 65 74 43 75 72 72 65 |ind.B.Ke|GetCurre|
|00000e40| 6e 74 49 72 71 6c 00 00 | 44 00 4b 65 51 75 65 72 |ntIrql..|D.KeQuer|
|00000e50| 79 50 65 72 66 6f 72 6d | 61 6e 63 65 43 6f 75 6e |yPerform|anceCoun|
|00000e60| 74 65 72 00 1b 00 48 61 | 6c 4d 61 6b 65 42 65 65 |ter...Ha|lMakeBee|
|00000e70| 70 00 48 41 4c 2e 64 6c | 6c 00 00 00 00 00 00 00 |p.HAL.dl|l.......|
+--------+-------------------------+-------------------------+--------+--------+