Thursday, September 15, 2011

Genuinely amazed

wincheck, after adding some tables, works under w8 32bit without any particular filing-down with a military-grade file! Although a great deal has changed there, and all of w8 is compiled, if my eyes do not deceive me, with vs2010.
The following things do not work (it does not crash into a BSOD while doing so, though, heh):
  • the ObTypes check (surely because the _OBJECT_TYPE structure changed; exactly the same as in w7)
  • broken ClassGuid values are returned for PnP notifiers - the format is exactly the same as in w7
  • the TDI check
  • all of NDIS
  • some checkers of various structures in user-mode programs. Surely the structure formats have changed too
What remains is to figure out how to make w8 64-bit load unsigned drivers, for example

Update: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa !!!!!!!!! their BSOD now comes with a :( smiley like this, heh

Update2: people here do not believe that such a port is possible in one day and are demanding all sorts of proof. Here you go:
PID 0 Parent PID 0 [System Process]
PID 4 Parent PID 0 System
PID 268 Parent PID 4 kind {Session manager} C:\Windows\System32\smss.exe
PID 356 Parent PID 348 kind {Client Server Runtime Process} C:\Windows\System32\csrss.exe
PID 408 Parent PID 348 kind {Windows Start-Up Application} C:\Windows\System32\wininit.exe
PID 416 Parent PID 400 kind {Client Server Runtime Process} C:\Windows\System32\csrss.exe
PID 448 Parent PID 400 kind {WinLogon} C:\Windows\System32\winlogon.exe
PID 516 Parent PID 408 kind {Services.exe} C:\Windows\System32\services.exe
PID 524 Parent PID 408 kind {lsass} C:\Windows\System32\lsass.exe
PID 624 Parent PID 448 kind {Desktop Window Manager} C:\Windows\System32\dwm.exe
PID 636 Parent PID 516 kind {DCom Server} C:\Windows\System32\svchost.exe
PID 708 Parent PID 516 kind {RPC Service} C:\Windows\System32\svchost.exe
PID 808 Parent PID 516 kind {DHCP Client} C:\Windows\System32\svchost.exe
PID 848 Parent PID 516 kind {Wired AutoConfig Service} C:\Windows\System32\svchost.exe
PID 888 Parent PID 516 kind {WebClient} C:\Windows\System32\svchost.exe
PID 944 Parent PID 516 kind {Extensible Authentication Protocol Service} C:\Windows\System32\svchost.exe
PID 1120 Parent PID 516 kind {DNS Client} C:\Windows\System32\svchost.exe
PID 1244 Parent PID 516 kind {Print Spooler} C:\Windows\System32\spoolsv.exe
PID 1296 Parent PID 516 kind {Windows firewall} C:\Windows\System32\svchost.exe
PID 1496 Parent PID 516 service {WinDefend} C:\Program Files\Windows Defender\MsMpEng.exe
PID 1964 Parent PID 516 kind {Windows Connect Now - Config Registrar Service} C:\Windows\System32\svchost.exe
PID 2068 Parent PID 516 kind {Host Process for Windows Tasks} C:\Windows\System32\taskhost.exe
PID 2160 Parent PID 2092 kind {Explorer} C:\Windows\explorer.exe
PID 2348 Parent PID 516 service {PNRPsvc} C:\Windows\System32\svchost.exe
PID 2744 Parent PID 516 kind {Windows Search Indexer} C:\Windows\System32\SearchIndexer.exe
PID 2848 Parent PID 636 kind {Internet explorer} C:\Program Files\Internet Explorer\iexplore.exe
PID 3076 Parent PID 2848 kind {Internet explorer} C:\Program Files\Internet Explorer\iexplore.exe
PID 3724 Parent PID 636 kind {wmiprvse} C:\Windows\System32\wbem\WmiPrvSE.exe
PID 3844 Parent PID 516 kind {Windows Media Player Network Sharing Service} C:\Program Files\Windows Media Player\wmpnetwk.exe
PID 3888 Parent PID 636 kind {COM+ System Application} C:\Windows\System32\dllhost.exe
PID 1028 Parent PID 2160 kind {Far} C:\Program Files\Far2\Far.exe
PID 932 Parent PID 1028 kind {Console Window Host} C:\Windows\System32\conhost.exe
PID 2956 Parent PID 2160 kind {Internet explorer} C:\Program Files\Internet Explorer\iexplore.exe
PID 3024 Parent PID 2956 kind {Internet explorer} C:\Program Files\Internet Explorer\iexplore.exe
PID 1776 Parent PID 516 service {AxInstSV} C:\Windows\System32\svchost.exe
PID 3488 Parent PID 944 kind {WMI Reverse Performance Adapter Maintenance Utility} C:\Windows\System32\wbem\WMIADAP.exe
PID 3008 Parent PID 1028 kind {Cmd.exe} C:\Windows\System32\cmd.exe
PID 3012 Parent PID 3008 C:\work\wincheck.exe
MyWindowsChecker: len 13, kernel name ntkrnlpa.exe
HighestUserAddress: 7FFEFFFF
UserProbeAddress:   7FFF0000
SystemRangeStart:   80000000
NtMajorVersion: 6
NtMinorVersion: 2
BuildNumber:    8102
GlobalFlag: 0
Processors: 1
MmVerifierFlags 0
MmSystemSize    2 Large
DebuggerEnabled 1
DebuggerNotPresent 1
SafeBootMode    0
NXSupportPolicy A
CR0 E001003B PE MP TS ET NE WP NW CD PG
CR4 000006E9 VME DE PAE MCE PGE OSFXSR OSXMMEXCPT
WindowsType: Multiprocessor Free
KDDB:
 PsLoadedModuleList:     80F84E38
 MmLoadedUserImageList:  00000000
 KeBugCheckCallbackList: 80F8A4D0 (1994D0)
 MmNonPagedPoolStart:    8254F000
 MmNonPagedPoolEnd:      00000000
 MmPagedPoolStart:       00000000
 MmPagedPoolEnd:         00000000
 MmPageSize: 4096
Decode system scheme - rotr sub
Decode scheme - rotr sub
Driver RPHook loaded from C:\Users\red\AppData\Local\Temp\drv2
80DF1000:4CE000 flags 8804000 LoadCount 87 \SystemRoot\system32\ntkrnlpa.exe
812BF000:52000 flags 8804000 LoadCount 71 \SystemRoot\system32\halmacpi.dll
80AEC000:8000 flags 8804000 LoadCount 3 \SystemRoot\system32\kdcom.dll
85C3B000:85000 flags 9104000 LoadCount 1 \SystemRoot\system32\mcupdate_GenuineIntel.dll
85CC0000:12000 flags D104000 LoadCount 3 \SystemRoot\system32\PSHED.dll
85CD2000:8000 flags D104000 LoadCount 1 \SystemRoot\system32\BOOTVID.dll
85CDA000:43000 flags 9104000 LoadCount 3 \SystemRoot\system32\CLFS.SYS
85D1D000:6A000 flags D104000 LoadCount 2 \SystemRoot\system32\CI.dll
85D87000:2D000 flags D104000 LoadCount 12 \SystemRoot\System32\drivers\msrpc.sys
85E32000:85000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\Wdf01000.sys
85EB7000:E000 flags D104000 LoadCount 13 \SystemRoot\system32\drivers\WDFLDR.SYS
85EC5000:F000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\msreshub.sys
85ED4000:A000 flags D104000 LoadCount 6 \SystemRoot\System32\Drivers\WppRecorder.sys
85EDE000:52000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\ACPI.sys
85F30000:9000 flags D104000 LoadCount 15 \SystemRoot\System32\drivers\WMILIB.SYS
85F39000:8000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\msisadrv.sys
85F41000:2F000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\pci.sys
85F70000:6A000 flags 9104000 LoadCount 7 \SystemRoot\System32\Drivers\cng.sys
85FDA000:1B000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\tpm.sys
85E00000:A000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\vdrvroot.sys
85E0A000:F000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\pdc.sys
85E19000:14000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\partmgr.sys
85DB4000:31000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\spaceport.sys
85DE5000:10000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\volmgr.sys
8140B000:4D000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\volmgrx.sys
81458000:15000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\mountmgr.sys
8146D000:7000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\intelide.sys
81474000:E000 flags D104000 LoadCount 1 \SystemRoot\System32\drivers\PCIIDEX.SYS
81482000:10000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\storahci.sys
81492000:3D000 flags D104000 LoadCount 1 \SystemRoot\System32\drivers\storport.sys
814CF000:9000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\atapi.sys
814D8000:2B000 flags D104000 LoadCount 1 \SystemRoot\System32\drivers\ataport.SYS
81503000:13000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\EhStorClass.sys
81516000:3B000 flags 9104000 LoadCount 7 \SystemRoot\system32\drivers\fltmgr.sys
81551000:11000 flags 9104000 LoadCount 1 \SystemRoot\system32\drivers\fileinfo.sys
81562000:30000 flags 9104020 LoadCount 1 \SystemRoot\system32\drivers\WdFilter.sys
8161E000:17A000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Ntfs.sys
81798000:14000 flags 9104000 LoadCount 17 \SystemRoot\System32\Drivers\ksecdd.sys
817AC000:E000 flags 9104020 LoadCount 1 \SystemRoot\System32\drivers\pcw.sys
817BA000:9000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\Fs_Rec.sys
8183A000:D7000 flags 9104000 LoadCount 26 \SystemRoot\system32\drivers\ndis.sys
81911000:56000 flags D104000 LoadCount 26 \SystemRoot\system32\drivers\NETIO.SYS
81967000:27000 flags 9104000 LoadCount 1 \SystemRoot\System32\Drivers\ksecpkg.sys
86015000:1AB000 flags 9104020 LoadCount 1 \SystemRoot\System32\drivers\tcpip.sys
8198E000:43000 flags D104000 LoadCount 9 \SystemRoot\System32\drivers\fwpkclnt.sys
861C0000:D000 flags 9104000 LoadCount 1 \SystemRoot\system32\DRIVERS\wfplwfs.sys
81592000:50000 flags 9104000 LoadCount 1 \SystemRoot\System32\DRIVERS\fvevol.sys
81A3F000:40000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\volsnap.sys
81A7F000:2F000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\rdyboost.sys
81AAE000:11000 flags 9104000 LoadCount 4 \SystemRoot\System32\Drivers\mup.sys
81AC7000:15000 flags 9104000 LoadCount 1 \SystemRoot\System32\drivers\disk.sys
81ADC000:43000 flags D104000 LoadCount 1 \SystemRoot\System32\drivers\CLASSPNP.SYS
81B1F000:F000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\crashdmp.sys
81B59000:25000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\cdrom.sys
81B7E000:7000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\Null.SYS
81B85000:7000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\Beep.SYS
81B8C000:B000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\BasicRender.sys
89E3A000:F2000 flags 49104000 LoadCount 2 \SystemRoot\System32\drivers\dxgkrnl.sys
89F2C000:E000 flags 4D104000 LoadCount 6 \SystemRoot\System32\drivers\watchdog.sys
89F3A000:40000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\dxgmms1.sys
89F7A000:E000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\Npfs.SYS
89F88000:A000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\Msfs.SYS
89F92000:17000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\tdx.sys
89FA9000:C000 flags 4D104000 LoadCount 7 \SystemRoot\system32\DRIVERS\TDI.SYS
89FB5000:3D000 flags 49104000 LoadCount 1 \SystemRoot\System32\DRIVERS\netbt.sys
8A019000:6C000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\afd.sys
8A085000:22000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\pacer.sys
8A0A7000:E000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\netbios.sys
8A0B5000:44000 flags 49104000 LoadCount 5 \SystemRoot\system32\DRIVERS\rdbss.sys
8A0F9000:71000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\csc.sys
8A16A000:13000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\wanarp.sys
8A17D000:B000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\nsiproxy.sys
8A188000:B000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\npsvctrig.sys
8A193000:A000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\mssmbios.sys
8A19D000:D000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\discache.sys
8A1AA000:1B000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\dfsc.sys
8A1D1000:24000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\tunnel.sys
89E00000:1B000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\i8042prt.sys
8A000000:D000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\kbdclass.sys
8A00D000:B000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\mouclass.sys
89E1B000:18000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\parport.sys
81B97000:F000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\BasicDisplay.sys
81BA6000:1E000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\E1G60I32.sys
8A1C5000:B000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\usbohci.sys
8A41F000:60000 flags 4D104000 LoadCount 1 \SystemRoot\System32\drivers\USBPORT.SYS
8A47F000:4000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\CmBatt.sys
8A483000:B000 flags 4D104000 LoadCount 1 \SystemRoot\System32\drivers\BATTC.SYS
8A48E000:17000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\intelppm.sys
8A4A5000:D000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\CompositeBus.sys
8A4B2000:A000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\kdnic.sys
8A4BC000:12000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\AgileVpn.sys
8A4CE000:19000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\rasl2tp.sys
8A4E7000:B000 flags 49104000 LoadCount 2 \SystemRoot\system32\DRIVERS\ndistapi.sys
8A4F2000:26000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\ndiswan.sys
8A518000:15000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\raspppoe.sys
8A52D000:18000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\raspptp.sys
8A545000:15000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\rassstp.sys
8A55A000:9000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\rdpbus.sys
8A563000:2000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\swenum.sys
8A565000:3B000 flags 4D104000 LoadCount 1 \SystemRoot\System32\drivers\ks.sys
8A5A0000:E000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\umbus.sys
8AC36000:61000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\usbhub.sys
8AC97000:8000 flags 4D104000 LoadCount 1 \SystemRoot\System32\drivers\USBD.SYS
8AC9F000:11000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\NDProxy.SYS
8ACB0000:45000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\udfs.sys
8ACF5000:A000 flags 49104000 LoadCount 2 \SystemRoot\System32\Drivers\dump_diskdump.sys
8ACFF000:10000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\dump_storahci.sys
8AD0F000:11000 flags 49104020 LoadCount 1 \SystemRoot\System32\Drivers\dump_dumpfve.sys
8B803000:346000 flags 69104000 LoadCount 4 \SystemRoot\System32\win32k.sys
8AD20000:7000 flags 4D104000 LoadCount 1 \SystemRoot\System32\drivers\HIDPARSE.SYS
8AD27000:B000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\monitor.sys
8BB60000:8000 flags 69104000 LoadCount 1 \SystemRoot\System32\TSDDD.dll
8BBA4000:2C000 flags 69104000 LoadCount 1 \SystemRoot\System32\cdd.dll
8AD32000:1E000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\luafv.sys
8AD50000:10000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\lltdio.sys
8AD60000:14000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\rspndr.sys
91012000:A5000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\HTTP.sys
910B7000:1C000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\bowser.sys
910D3000:12000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\mpsdrv.sys
910E5000:48000 flags 49104000 LoadCount 3 \SystemRoot\system32\DRIVERS\mrxsmb.sys
9112D000:48000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
91175000:29000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
9119E000:7000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\parvdm.sys
911A5000:F000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\Ndu.sys
92C1A000:B3000 flags 49104000 LoadCount 1 \SystemRoot\system32\drivers\peauth.sys
92CCD000:A000 flags 49104000 LoadCount 1 \SystemRoot\System32\Drivers\secdrv.SYS
92CD7000:30000 flags 49104000 LoadCount 3 \SystemRoot\System32\DRIVERS\srvnet.sys
92D07000:D000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\tcpipreg.sys
92D14000:75000 flags 49104000 LoadCount 1 \SystemRoot\System32\DRIVERS\srv2.sys
92D89000:57000 flags 49104000 LoadCount 1 \SystemRoot\System32\DRIVERS\srv.sys
92DE0000:12000 flags 49104000 LoadCount 1 \SystemRoot\system32\DRIVERS\mslldp.sys
92DF2000:6000 flags 49104000 LoadCount 1 \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6F49BC62-C76B-4A42-BA99-906FFD225039}\MpKsl0c3af524.sys
92C00000:B000 flags 49104000 LoadCount 1 \SystemRoot\System32\drivers\condrv.sys
92C0B000:D000 flags 49104000 LoadCount 1 \??\C:\Users\red\AppData\Local\Temp\drv2
Patched wcsncpy_s + 74B2
Patched KiDispatchInterrupt + 602
KernelSection .text rva 1000, size 15F00D, 0x57ED relocs has 0x15 patched bytes !
ObType TpWorkerFactory:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       8115B3F3 \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      80EC12BF \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType CompositionSurface:
 DumpProcedure:        00000000
 OpenProcedure:        8114F96A \SystemRoot\system32\ntkrnlpa.exe
 CloseProcedure:       8114F7C5 \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      8114F8FB \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 8114F858 \SystemRoot\system32\ntkrnlpa.exe
ObType Directory:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       8107DA55 \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      8107DA85 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Mutant:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      80EC3502 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Thread:
 DumpProcedure:        00000000
 OpenProcedure:        810AE66E \SystemRoot\system32\ntkrnlpa.exe
 CloseProcedure:       00000000
 DeleteProcedure:      810BF532 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType FilterCommunicationPort:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       8153BBCC \SystemRoot\system32\drivers\fltmgr.sys
 DeleteProcedure:      8153BBFB \SystemRoot\system32\drivers\fltmgr.sys
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType TmTx:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       811110AE \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      811110D7 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Controller:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      00000000
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType EtwRegistration:
 DumpProcedure:        00000000
 OpenProcedure:        811386C8 \SystemRoot\system32\ntkrnlpa.exe
 CloseProcedure:       8112BC33 \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      8112BC98 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Profile:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      8116077B \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Event:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      00000000
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Type:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      00000000
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Section:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      81060017 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType EventPair:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      00000000
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType SymbolicLink:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      8107ACBB \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       8107AB6F \SystemRoot\system32\ntkrnlpa.exe
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType WaitCompletionPacket:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       80E39833 \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      00000000
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Desktop:
 DumpProcedure:        00000000
 OpenProcedure:        8114F96A \SystemRoot\system32\ntkrnlpa.exe
 CloseProcedure:       8114F7C5 \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      8114F8FB \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 8114F858 \SystemRoot\system32\ntkrnlpa.exe
ObType UserApcReserve:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      00000000
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType EtwConsumer:
 DumpProcedure:        00000000
 OpenProcedure:        811386C8 \SystemRoot\system32\ntkrnlpa.exe
 CloseProcedure:       811386E7 \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      81138702 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Timer:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      80EC232F \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType File:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       80FFD437 \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      80FFDA13 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       81000A13 \SystemRoot\system32\ntkrnlpa.exe
 SecurityProcedure:    80FFDEA7 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   81000DE7 \SystemRoot\system32\ntkrnlpa.exe
 OkayToCloseProcedure: 00000000
ObType WindowStation:
 DumpProcedure:        00000000
 OpenProcedure:        8114F96A \SystemRoot\system32\ntkrnlpa.exe
 CloseProcedure:       8114F7C5 \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      8114F8FB \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       8114FA03 \SystemRoot\system32\ntkrnlpa.exe
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 8114F858 \SystemRoot\system32\ntkrnlpa.exe
ObType PcwObject:
 DumpProcedure:        00000000
 OpenProcedure:        817B2C4C \SystemRoot\System32\drivers\pcw.sys
 CloseProcedure:       817B2C66 \SystemRoot\System32\drivers\pcw.sys
 DeleteProcedure:      817B2C88 \SystemRoot\System32\drivers\pcw.sys
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType TmEn:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       8110FD37 \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      8110FD77 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Driver:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      80FFDC1A \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType WmiGuid:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      81125DD7 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    8112590E \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType KeyedEvent:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      00000000
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Device:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      80FFDCC7 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       80FFEE6F \SystemRoot\system32\ntkrnlpa.exe
 SecurityProcedure:    80FFDEA7 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Token:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      810FCB89 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType ALPC Port:
 DumpProcedure:        00000000
 OpenProcedure:        8105477A \SystemRoot\system32\ntkrnlpa.exe
 CloseProcedure:       81054807 \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      81054A5B \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType DebugObject:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       80FD9E7A \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      811700CA \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType IoCompletion:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       80FF2CFA \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      80FF2CDB \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Process:
 DumpProcedure:        00000000
 OpenProcedure:        810AE2E7 \SystemRoot\system32\ntkrnlpa.exe
 CloseProcedure:       810BF41B \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      810BF19F \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType TmRm:
 DumpProcedure:        00000000
 OpenProcedure:        8111358E \SystemRoot\system32\ntkrnlpa.exe
 CloseProcedure:       81113693 \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      81113863 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Adapter:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      00000000
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType PowerRequest:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       810993E2 \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      00000000
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Key:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       80FC3C03 \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      80FAB191 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       80FC41EC \SystemRoot\system32\ntkrnlpa.exe
 SecurityProcedure:    80FB5B90 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   80FC6E43 \SystemRoot\system32\ntkrnlpa.exe
 OkayToCloseProcedure: 00000000
ObType Job:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       810C612F \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      80E758CB \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType DxgkSharedAllocation:
 DumpProcedure:        00000000
 OpenProcedure:        89E4A778 \SystemRoot\System32\drivers\dxgkrnl.sys
 CloseProcedure:       00000000
 DeleteProcedure:      89E4A782 \SystemRoot\System32\drivers\dxgkrnl.sys
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Session:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      81070645 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType TmTm:
 DumpProcedure:        00000000
 OpenProcedure:        811149CB \SystemRoot\system32\ntkrnlpa.exe
 CloseProcedure:       811149DA \SystemRoot\system32\ntkrnlpa.exe
 DeleteProcedure:      81114AB0 \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType IoCompletionReserve:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      00000000
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Callback:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      811700CA \SystemRoot\system32\ntkrnlpa.exe
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType FilterConnectionPort:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       8153BC15 \SystemRoot\system32\drivers\fltmgr.sys
 DeleteProcedure:      8153BC75 \SystemRoot\system32\drivers\fltmgr.sys
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
ObType Semaphore:
 DumpProcedure:        00000000
 OpenProcedure:        00000000
 CloseProcedure:       00000000
 DeleteProcedure:      00000000
 ParseProcedure:       00000000
 SecurityProcedure:    810FF3D0 \SystemRoot\system32\ntkrnlpa.exe
 QueryNameProcedure:   00000000
 OkayToCloseProcedure: 00000000
Callbacks:
CB: LLTDCallbackMapper0006000007000000, total 0:
CB: AfdTdxCallback, total 0:
CB: LLTDCallbackRspndr0006000007000000, total 1:
  8AD631E2 (\SystemRoot\system32\DRIVERS\rspndr.sys)
CB: ProcessorAdd, total 6:
  85F036E7 (\SystemRoot\System32\drivers\ACPI.sys)
  81863320 (\SystemRoot\system32\drivers\ndis.sys)
  860B73DC (\SystemRoot\System32\drivers\tcpip.sys)
  81098DC7 (\SystemRoot\system32\ntkrnlpa.exe)
  8A1D8AFE (\SystemRoot\system32\DRIVERS\tunnel.sys)
  91050920 (\SystemRoot\system32\drivers\HTTP.sys)
CB: IoSessionNotifications, total 0:
CB: Phase1InitComplete, total 0:
CB: SetSystemState, total 0:
CB: NdisBindUnbind, total 0:
CB: PowerState, total C:
  811673A2 (\SystemRoot\system32\ntkrnlpa.exe)
  8113437A (\SystemRoot\system32\ntkrnlpa.exe)
  812D3C4A (\SystemRoot\system32\halmacpi.dll)
  85EE3533 (\SystemRoot\System32\drivers\ACPI.sys)
  85E90F0A (\SystemRoot\system32\drivers\Wdf01000.sys)
  85E90F0A (\SystemRoot\system32\drivers\Wdf01000.sys)
  89E209C6 (\SystemRoot\System32\drivers\parport.sys)
  8A47FAF2 (\SystemRoot\System32\drivers\CmBatt.sys)
  85E90F0A (\SystemRoot\system32\drivers\Wdf01000.sys)
  85E90F0A (\SystemRoot\system32\drivers\Wdf01000.sys)
  85E90F0A (\SystemRoot\system32\drivers\Wdf01000.sys)
  85E90F0A (\SystemRoot\system32\drivers\Wdf01000.sys)
CB: LicensingData, total 0:
CB: EnlightenmentState, total 0:
CB: WdEbNotificationCallback, total 1:
  8157FAE0 (\SystemRoot\system32\drivers\WdFilter.sys)
CB: TcpConnectionCallbackTemp, total 0:
CB: SetSystemTime, total 0:
CB: TcpTimerStarvationCallbackTemp, total 0:
bugcheck callbacks - 2:
  8186F65E (\SystemRoot\system32\drivers\ndis.sys)
  812D2B86 (\SystemRoot\system32\halmacpi.dll)
bugcheck reason callbacks - 43:
  85E96EE8 (\SystemRoot\system32\drivers\Wdf01000.sys)
  85E96EE8 (\SystemRoot\system32\drivers\Wdf01000.sys)
  85E96EE8 (\SystemRoot\system32\drivers\Wdf01000.sys)
  81B23884 (\SystemRoot\System32\Drivers\crashdmp.sys)
  81B207D2 (\SystemRoot\System32\Drivers\crashdmp.sys)
  8AC6A605 (\SystemRoot\System32\drivers\usbhub.sys)
  8AC6A656 (\SystemRoot\System32\drivers\usbhub.sys)
  85E96EE8 (\SystemRoot\system32\drivers\Wdf01000.sys)
  85E96EE8 (\SystemRoot\system32\drivers\Wdf01000.sys)
  85E96EE8 (\SystemRoot\system32\drivers\Wdf01000.sys)
  8A4445CC (\SystemRoot\System32\drivers\USBPORT.SYS)
  8A4444E9 (\SystemRoot\System32\drivers\USBPORT.SYS)
  8A444561 (\SystemRoot\System32\drivers\USBPORT.SYS)
  85ED5DF4 (\SystemRoot\System32\Drivers\WppRecorder.sys)
  85ED5E34 (\SystemRoot\System32\Drivers\WppRecorder.sys)
  85ED5DF4 (\SystemRoot\System32\Drivers\WppRecorder.sys)
  85ED5E34 (\SystemRoot\System32\Drivers\WppRecorder.sys)
  85ED5DF4 (\SystemRoot\System32\Drivers\WppRecorder.sys)
  85ED5E34 (\SystemRoot\System32\Drivers\WppRecorder.sys)
  8A194F62 (\SystemRoot\System32\drivers\mssmbios.sys)
  8A194F1A (\SystemRoot\System32\drivers\mssmbios.sys)
  8A194EAA (\SystemRoot\System32\drivers\mssmbios.sys)
  8A194E62 (\SystemRoot\System32\drivers\mssmbios.sys)
  89E499A9 (\SystemRoot\System32\drivers\dxgkrnl.sys)
  85E96EE8 (\SystemRoot\system32\drivers\Wdf01000.sys)
  85ED5DF4 (\SystemRoot\System32\Drivers\WppRecorder.sys)
  85ED5E34 (\SystemRoot\System32\Drivers\WppRecorder.sys)
  814AF8BC (\SystemRoot\System32\drivers\storport.sys)
  81AF9A07 (\SystemRoot\System32\drivers\CLASSPNP.SYS)
  85E96EE8 (\SystemRoot\system32\drivers\Wdf01000.sys)
  85E96EE8 (\SystemRoot\system32\drivers\Wdf01000.sys)
  814DA510 (\SystemRoot\System32\drivers\ataport.SYS)
  814DA462 (\SystemRoot\System32\drivers\ataport.SYS)
  85E96EE8 (\SystemRoot\system32\drivers\Wdf01000.sys)
  85ED5E34 (\SystemRoot\System32\Drivers\WppRecorder.sys)
  85ED5DF4 (\SystemRoot\System32\Drivers\WppRecorder.sys)
  85ED5E34 (\SystemRoot\System32\Drivers\WppRecorder.sys)
  85E96EE8 (\SystemRoot\system32\drivers\Wdf01000.sys)
  85E96EE8 (\SystemRoot\system32\drivers\Wdf01000.sys)
  85ED5DF4 (\SystemRoot\System32\Drivers\WppRecorder.sys)
  85ED5E34 (\SystemRoot\System32\Drivers\WppRecorder.sys)
  85E970B2 (\SystemRoot\system32\drivers\Wdf01000.sys)
  80EB4534 (\SystemRoot\system32\ntkrnlpa.exe)
NMI callbacks - 1:
Process notifiers:
[0] 80EADC5B \SystemRoot\system32\ntkrnlpa.exe
[1] 85F7785A \SystemRoot\System32\Drivers\cng.sys
[2] 8157143C \SystemRoot\system32\drivers\WdFilter.sys
[3] 817A4005 \SystemRoot\System32\Drivers\ksecdd.sys
[4] 860A5C86 \SystemRoot\System32\drivers\tcpip.sys
Thread notifiers:
[0] 81569500 \SystemRoot\system32\drivers\WdFilter.sys
Image notifiers:
[0] 8156DC81 \SystemRoot\system32\drivers\WdFilter.sys
LogonSessionTerminatedRoutines: 2
[0] 910FBB82 \SystemRoot\system32\DRIVERS\mrxsmb.sys
[1] 8AD3F039 \SystemRoot\system32\drivers\luafv.sys
Pnp Notifiers: total 21, readed 21
Pnp[0] CategoryHardwareProfileChange DEVICE_THERMAL_ZONE addr 8109B98A \SystemRoot\system32\ntkrnlpa.exe
Pnp[1] CategoryHardwareProfileChange DEVINTERFACE_HID addr 85E0F890 \SystemRoot\system32\drivers\pdc.sys
Pnp[2] CategoryHardwareProfileChange DEVINTERFACE_HID addr 8B86A926 \SystemRoot\System32\win32k.sys
Pnp[3] CategoryHardwareProfileChange DEVINTERFACE_MT_TRANSPORT addr 8A4AA7C0 \SystemRoot\System32\drivers\CompositeBus.sys
Pnp[4] CategoryHardwareProfileChange DEVICE_MEMORY addr 8109B98A \SystemRoot\system32\ntkrnlpa.exe
Pnp[5] CategoryHardwareProfileChange {97F99BF6-4497-4F18-BB22-4B9FB2FBEF9C} addr 8109B98A \SystemRoot\system32\ntkrnlpa.exe
Pnp[6] CategoryHardwareProfileChange {97F99BF6-4497-4F18-BB22-4B9FB2FBEF9C} addr 812FDAEA \SystemRoot\system32\halmacpi.dll
Pnp[7] CategoryHardwareProfileChange DEVICE_SYS_BUTTON addr 85E0F890 \SystemRoot\system32\drivers\pdc.sys
Pnp[8] CategoryHardwareProfileChange DEVINTERFACE_MT_COMPOSITE addr 8A4AA7C0 \SystemRoot\System32\drivers\CompositeBus.sys
Pnp[9] CategoryHardwareProfileChange DEVINTERFACE_DISK addr 85DDB760 \SystemRoot\System32\drivers\spaceport.sys
Pnp[10] CategoryHardwareProfileChange DEVINTERFACE_HIDDEN_VOLUME addr 85DEC77E \SystemRoot\System32\drivers\volmgr.sys
Pnp[11] CategoryHardwareProfileChange DEVINTERFACE_MONITOR_DRIVER addr 89EA3F6F \SystemRoot\System32\drivers\dxgkrnl.sys
Pnp[12] CategoryHardwareProfileChange {DE246FC9-6529-4927-BED2-907856A9C14F} addr 8A4879D2 \SystemRoot\System32\drivers\BATTC.SYS
Pnp[13] CategoryHardwareProfileChange DEVINTERFACE_MOUSE addr 8B86A926 \SystemRoot\System32\win32k.sys
Pnp[14] CategoryHardwareProfileChange DEVINTERFACE_CDROM addr 8B86AB70 \SystemRoot\System32\win32k.sys
Pnp[15] CategoryHardwareProfileChange DEVINTERFACE_VOLUME addr 85DEC77E \SystemRoot\System32\drivers\volmgr.sys
Pnp[16] CategoryHardwareProfileChange DEVINTERFACE_VOLUME addr 8145F669 \SystemRoot\System32\drivers\mountmgr.sys
Pnp[17] CategoryHardwareProfileChange DEVINTERFACE_VOLUME addr 81A51B05 \SystemRoot\System32\drivers\volsnap.sys
Pnp[18] CategoryHardwareProfileChange DEVINTERFACE_KEYBOARD addr 8B86A926 \SystemRoot\System32\win32k.sys
Pnp[19] CategoryHardwareProfileChange DEVCLASS_BATTERY addr 8109B98A \SystemRoot\system32\ntkrnlpa.exe
Pnp[20] CategoryHardwareProfileChange VOLMGR_VOLUME_MANAGER addr 85E2391F \SystemRoot\System32\drivers\partmgr.sys
HAL dispatch table:
HalQuerySystemInformation:     812FCE4C
HalSetSystemInformation:       812FF032
HalQueryBusSlots:              80FE55E9
HalExamineMBR:                 80F26361
HalIoReadPartitionTable:       80FE5757
HalIoSetPartitionInformation:  80FE5DDC
HalIoWritePartitionTable:      80FE6087
HalReferenceHandlerForBus      80DF9B3D
HalReferenceBusHandler         80ED6FD2
HalDereferenceBusHandler       80ED6FD2
HalInitPnpDriver               812FD1FE
HalInitPowerManagement         812FECA4
HalGetDmaAdapter               812C4FE6
HalGetInterruptTranslator      812FCDF0
HalStartMirroring              80FE557F
HalEndMirroring                80E6627F
HalMirrorPhysicalMemory        80F34C0B
HalEndOfBoot                   812FF028
HalMirrorVerify                80F34C0B
HalGetCachedAcpiTable          812C3826
HalSetPciErrorHandlerCallback  812E865E
Unknown HAL private dispatch table version 12
