Last active
March 19, 2018 19:00
-
-
Save MagicRB/5b93f2d4437b77c7f12a31f58dc3ca03 to your computer and use it in GitHub Desktop.
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0009:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError" | |
| 0009:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32" | |
| 0009:Call KERNEL32.__wine_kernel_init() ret=7bc58855 | |
| 000b:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError" | |
| 000b:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32" | |
| 000b:Call KERNEL32.__wine_kernel_init() ret=7bc63340 | |
| 000b:Call PE DLL (proc=0x7bcb99f0,module=0x7bc20000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000b:Ret PE DLL (proc=0x7bcb99f0,module=0x7bc20000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000b:Call PE DLL (proc=0x7b4a66f0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000b:Ret PE DLL (proc=0x7b4a66f0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000b:Call PE DLL (proc=0x7efe7e051730,module=0x7efe7e000000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000b:Ret PE DLL (proc=0x7efe7e051730,module=0x7efe7e000000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000b:Starting process L"C:\\windows\\system32\\wineboot.exe" (entryproc=0x7efe7e38dc80) | |
| 000b:Call KERNEL32.GetWindowsDirectoryW(7efe7e59efa0,00000104,) ret=7efe7e38968a | |
| 000b:Ret KERNEL32.GetWindowsDirectoryW() retval=0000000a ret=7efe7e38968a | |
| 000b:Call KERNEL32.SetCurrentDirectoryW(7efe7e59efa0 L"C:\\windows",) ret=7efe7e389696 | |
| 000b:Ret KERNEL32.SetCurrentDirectoryW() retval=00000001 ret=7efe7e389696 | |
| 000b:Call KERNEL32.IsWow64Process(ffffffffffffffff,0023ed38,) ret=7efe7e3896c0 | |
| 000b:Ret KERNEL32.IsWow64Process() retval=00000001 ret=7efe7e3896c0 | |
| 000b:Call KERNEL32.ResetEvent(00000014,) ret=7efe7e38982e | |
| 000b:Ret KERNEL32.ResetEvent() retval=00000001 ret=7efe7e38982e | |
| 000b:Call ntdll.NtQuerySystemInformation(00000001,0023eda0,0000000c,00000000,) ret=7efe7e38986d | |
| 000b:Ret ntdll.NtQuerySystemInformation() retval=00000000 ret=7efe7e38986d | |
| 000b:Call ntdll.RtlAllocateHeap(00010000,00000000,000000c0,) ret=7efe7e389884 | |
| 000b:Ret ntdll.RtlAllocateHeap() retval=0001c9e0 ret=7efe7e389884 | |
| 000b:Call ntdll.NtPowerInformation(0000000b,00000000,00000000,0001c9e0,000000c0,) ret=7efe7e3898af | |
| 000b:Ret ntdll.NtPowerInformation() retval=00000000 ret=7efe7e3898af | |
| 000b:Call advapi32.RegCreateKeyExW(ffffffff80000002,7efe7e38f4a0 L"Hardware\\Description\\System",00000000,00000000,00000001,000f003f,00000000,0023ed50,00000000,) ret=7efe7e389945 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389945 | |
| 000b:Call advapi32.RegSetValueExW(00000020,7efe7e38f470 L"Identifier",00000000,00000001,7efe7e38f410,0000001c,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegCreateKeyExW(00000020,7efe7e38f3e0 L"FloatingPointProcessor",00000000,00000000,00000001,000f003f,00000000,0023ed80,00000000,) ret=7efe7e3899d8 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e3899d8 | |
| 000b:Call advapi32.RegCreateKeyExW(00000020,7efe7e38f3a0 L"CentralProcessor",00000000,00000000,00000001,000f003f,00000000,0023ed58,00000000,) ret=7efe7e389a22 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389a22 | |
| 000b:Call advapi32.RegCreateKeyExW(00000028,0023f230 L"0",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aff | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aff | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f370 L"FeatureSet",00000000,00000004,0023eda8,00000004,) ret=7efe7e389b32 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389b32 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f340 L"ProcessorNameString",00000000,00000001,7efe7e38f2e0,00000044,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f2a0 L"VendorIdentifier",00000000,00000001,7efe7e38f280,0000001a,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f268 L"~MHz",00000000,00000004,0001c9e4,00000004,) ret=7efe7e389ba9 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389ba9 | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e389bba | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e389bba | |
| 000b:Call advapi32.RegCreateKeyExW(00000024,0023f230 L"0",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aa2 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aa2 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e38b15a | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38b15a | |
| 000b:Call advapi32.RegCreateKeyExW(00000028,0023f230 L"1",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aff | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aff | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f370 L"FeatureSet",00000000,00000004,0023eda8,00000004,) ret=7efe7e389b32 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389b32 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f340 L"ProcessorNameString",00000000,00000001,7efe7e38f2e0,00000044,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f2a0 L"VendorIdentifier",00000000,00000001,7efe7e38f280,0000001a,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f268 L"~MHz",00000000,00000004,0001c9fc,00000004,) ret=7efe7e389ba9 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389ba9 | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e389bba | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e389bba | |
| 000b:Call advapi32.RegCreateKeyExW(00000024,0023f230 L"1",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aa2 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aa2 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e38b15a | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38b15a | |
| 000b:Call advapi32.RegCreateKeyExW(00000028,0023f230 L"2",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aff | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aff | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f370 L"FeatureSet",00000000,00000004,0023eda8,00000004,) ret=7efe7e389b32 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389b32 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f340 L"ProcessorNameString",00000000,00000001,7efe7e38f2e0,00000044,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f2a0 L"VendorIdentifier",00000000,00000001,7efe7e38f280,0000001a,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f268 L"~MHz",00000000,00000004,0001ca14,00000004,) ret=7efe7e389ba9 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389ba9 | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e389bba | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e389bba | |
| 000b:Call advapi32.RegCreateKeyExW(00000024,0023f230 L"2",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aa2 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aa2 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e38b15a | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38b15a | |
| 000b:Call advapi32.RegCreateKeyExW(00000028,0023f230 L"3",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aff | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aff | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f370 L"FeatureSet",00000000,00000004,0023eda8,00000004,) ret=7efe7e389b32 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389b32 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f340 L"ProcessorNameString",00000000,00000001,7efe7e38f2e0,00000044,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f2a0 L"VendorIdentifier",00000000,00000001,7efe7e38f280,0000001a,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f268 L"~MHz",00000000,00000004,0001ca2c,00000004,) ret=7efe7e389ba9 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389ba9 | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e389bba | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e389bba | |
| 000b:Call advapi32.RegCreateKeyExW(00000024,0023f230 L"3",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aa2 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aa2 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e38b15a | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38b15a | |
| 000b:Call advapi32.RegCreateKeyExW(00000028,0023f230 L"4",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aff | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aff | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f370 L"FeatureSet",00000000,00000004,0023eda8,00000004,) ret=7efe7e389b32 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389b32 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f340 L"ProcessorNameString",00000000,00000001,7efe7e38f2e0,00000044,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f2a0 L"VendorIdentifier",00000000,00000001,7efe7e38f280,0000001a,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f268 L"~MHz",00000000,00000004,0001ca44,00000004,) ret=7efe7e389ba9 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389ba9 | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e389bba | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e389bba | |
| 000b:Call advapi32.RegCreateKeyExW(00000024,0023f230 L"4",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aa2 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aa2 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e38b15a | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38b15a | |
| 000b:Call advapi32.RegCreateKeyExW(00000028,0023f230 L"5",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aff | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aff | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f370 L"FeatureSet",00000000,00000004,0023eda8,00000004,) ret=7efe7e389b32 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389b32 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f340 L"ProcessorNameString",00000000,00000001,7efe7e38f2e0,00000044,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f2a0 L"VendorIdentifier",00000000,00000001,7efe7e38f280,0000001a,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f268 L"~MHz",00000000,00000004,0001ca5c,00000004,) ret=7efe7e389ba9 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389ba9 | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e389bba | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e389bba | |
| 000b:Call advapi32.RegCreateKeyExW(00000024,0023f230 L"5",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aa2 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aa2 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e38b15a | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38b15a | |
| 000b:Call advapi32.RegCreateKeyExW(00000028,0023f230 L"6",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aff | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aff | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f370 L"FeatureSet",00000000,00000004,0023eda8,00000004,) ret=7efe7e389b32 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389b32 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f340 L"ProcessorNameString",00000000,00000001,7efe7e38f2e0,00000044,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f2a0 L"VendorIdentifier",00000000,00000001,7efe7e38f280,0000001a,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f268 L"~MHz",00000000,00000004,0001ca74,00000004,) ret=7efe7e389ba9 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389ba9 | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e389bba | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e389bba | |
| 000b:Call advapi32.RegCreateKeyExW(00000024,0023f230 L"6",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aa2 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aa2 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e38b15a | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38b15a | |
| 000b:Call advapi32.RegCreateKeyExW(00000028,0023f230 L"7",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aff | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aff | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f370 L"FeatureSet",00000000,00000004,0023eda8,00000004,) ret=7efe7e389b32 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389b32 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f340 L"ProcessorNameString",00000000,00000001,7efe7e38f2e0,00000044,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f2a0 L"VendorIdentifier",00000000,00000001,7efe7e38f280,0000001a,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f268 L"~MHz",00000000,00000004,0001ca8c,00000004,) ret=7efe7e389ba9 | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e389ba9 | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e389bba | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e389bba | |
| 000b:Call advapi32.RegCreateKeyExW(00000024,0023f230 L"7",00000000,00000000,00000001,000f003f,00000000,0023ed48,00000000,) ret=7efe7e389aa2 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389aa2 | |
| 000b:Call advapi32.RegSetValueExW(0000002c,7efe7e38f470 L"Identifier",00000000,00000001,0023f440,00000042,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegCloseKey(0000002c,) ret=7efe7e38b15a | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38b15a | |
| 000b:Call advapi32.RegCloseKey(00000024,) ret=7efe7e38a4da | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38a4da | |
| 000b:Call advapi32.RegCloseKey(00000028,) ret=7efe7e38a4e7 | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38a4e7 | |
| 000b:Call advapi32.RegCloseKey(00000020,) ret=7efe7e38a4f4 | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38a4f4 | |
| 000b:Call ntdll.RtlFreeHeap(00010000,00000000,0001c9e0,) ret=7efe7e38a50b | |
| 000b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7efe7e38a50b | |
| 000b:Call advapi32.RegCreateKeyExW(ffffffff80000006,7efe7e38f240 L"PerfStats\\StatData",00000000,00000000,00000000,00020006,00000000,0023eda0,00000000,) ret=7efe7e389d6c | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389d6c | |
| 000b:Call advapi32.RegCloseKey(00000028,) ret=7efe7e389d85 | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e389d85 | |
| 000b:Call advapi32.RegCreateKeyExW(ffffffff80000006,7efe7e38f200 L"Config Manager\\Enum",00000000,00000000,00000000,00020006,00000000,0023eda0,00000000,) ret=7efe7e389db9 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e389db9 | |
| 000b:Call advapi32.RegCloseKey(00000028,) ret=7efe7e389dd2 | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e389dd2 | |
| 000b:Call advapi32.RegCreateKeyW(ffffffff80000002,7efe7e38f180 L"System\\CurrentControlSet\\Control\\Session Manager\\Environment",0023ed80,) ret=7efe7e389df0 | |
| 000b:Ret advapi32.RegCreateKeyW() retval=00000000 ret=7efe7e389df0 | |
| 000b:Call ntdll.NtQuerySystemInformation(00000001,0023eda0,0000000c,00000000,) ret=7efe7e38ad45 | |
| 000b:Ret ntdll.NtQuerySystemInformation() retval=00000000 ret=7efe7e38ad45 | |
| 000b:Call advapi32.RegSetValueExW(00000024,7efe7e38f140 L"NUMBER_OF_PROCESSORS",00000000,00000001,0023f440,00000004,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(00000024,7efe7e38f0e0 L"PROCESSOR_ARCHITECTURE",00000000,00000001,7efe7e38f130,0000000c,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(00000024,7efe7e38efe0 L"PROCESSOR_IDENTIFIER",00000000,00000001,0023f440,00000062,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(00000024,7efe7e38efc0 L"PROCESSOR_LEVEL",00000000,00000001,0023f440,00000004,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegSetValueExW(00000024,7efe7e38ef80 L"PROCESSOR_REVISION",00000000,00000001,0023f440,0000000a,) ret=7efe7e38cf8b | |
| 000b:Ret advapi32.RegSetValueExW() retval=00000000 ret=7efe7e38cf8b | |
| 000b:Call advapi32.RegCloseKey(00000024,) ret=7efe7e38aea2 | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38aea2 | |
| 000b:Call KERNEL32.GetPrivateProfileSectionW(7efe7e38ef68 L"rename",0023f440,00000400,7efe7e38ef50 L"wininit.ini",) ret=7efe7e389e84 | |
| 000b:Ret KERNEL32.GetPrivateProfileSectionW() retval=00000000 ret=7efe7e389e84 | |
| 000b:Call advapi32.RegOpenKeyExW(ffffffff80000002,7efe7e38eea0 L"System\\CurrentControlSet\\Control\\Session Manager",00000000,000f003f,0023eda0,) ret=7efe7e389f03 | |
| 000b:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7efe7e389f03 | |
| 000b:Call advapi32.RegQueryValueExW(00000024,7efe7e38ee60 L"PendingFileRenameOperations",00000000,00000000,00000000,0023ed80,) ret=7efe7e38ac9f | |
| 000b:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7efe7e38ac9f | |
| 000b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7efe7e38acda | |
| 000b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7efe7e38acda | |
| 000b:Call advapi32.RegCloseKey(00000024,) ret=7efe7e38acf8 | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38acf8 | |
| 000b:Call advapi32.RegOpenKeyW(ffffffff80000002,7efe7e38ede0 L"Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",0023eda0,) ret=7efe7e389f38 | |
| 000b:Ret advapi32.RegOpenKeyW() retval=00000002 ret=7efe7e389f38 | |
| 000b:Call advapi32.RegCloseKey(00000000,) ret=7efe7e389f55 | |
| 000b:Ret advapi32.RegCloseKey() retval=00000006 ret=7efe7e389f55 | |
| 000b:Call KERNEL32.GetSystemDirectoryW(00000000,00000000,) ret=7efe7e389f66 | |
| 000b:Ret KERNEL32.GetSystemDirectoryW() retval=00000014 ret=7efe7e389f66 | |
| 000b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000040,) ret=7efe7e389f84 | |
| 000b:Ret ntdll.RtlAllocateHeap() retval=0001cca0 ret=7efe7e389f84 | |
| 000b:Call KERNEL32.GetSystemDirectoryW(0001cca0,00000014,) ret=7efe7e389f91 | |
| 000b:Ret KERNEL32.GetSystemDirectoryW() retval=00000013 ret=7efe7e389f91 | |
| 000b:Call KERNEL32.FindFirstFileW(0001cca0 L"C:\\windows\\system32\\dllcache\\*",0023f440,) ret=7efe7e389fe0 | |
| 000b:Ret KERNEL32.FindFirstFileW() retval=ffffffffffffffff ret=7efe7e389fe0 | |
| 000b:Call KERNEL32.FindClose(ffffffffffffffff,) ret=7efe7e38a29c | |
| 000b:Ret KERNEL32.FindClose() retval=00000000 ret=7efe7e38a29c | |
| 000b:Call ntdll.RtlFreeHeap(00010000,00000000,0001cca0,) ret=7efe7e38a2b3 | |
| 000b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7efe7e38a2b3 | |
| 000b:Call advapi32.RegCreateKeyExW(ffffffff80000002,7efe7e38ea00 L"Software\\Microsoft\\Windows\\CurrentVersion",00000000,00000000,00000000,00020019,00000000,0023ec00,00000000,) ret=7efe7e38d5f9 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e38d5f9 | |
| 000b:Call advapi32.RegCreateKeyExW(00000024,7efe7e38f5c0 L"RunServicesOnce",00000000,00000000,00000000,000f003f,00000000,0023ec08,0023ebe0,) ret=7efe7e38d643 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e38d643 | |
| 000b:Call advapi32.RegCloseKey(00000024,) ret=7efe7e38d65d | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38d65d | |
| 000b:Call advapi32.RegQueryInfoKeyW(00000028,00000000,00000000,00000000,00000000,00000000,00000000,0023ebe4,0023ebec,0023ebe8,00000000,00000000,) ret=7efe7e38d79d | |
| 000b:Ret advapi32.RegQueryInfoKeyW() retval=00000000 ret=7efe7e38d79d | |
| 000b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7efe7e38d690 | |
| 000b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7efe7e38d690 | |
| 000b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7efe7e38d6a7 | |
| 000b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7efe7e38d6a7 | |
| 000b:Call advapi32.RegCloseKey(00000028,) ret=7efe7e38d6be | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38d6be | |
| 000b:Call advapi32.RegCreateKeyExW(ffffffff80000002,7efe7e38ea00 L"Software\\Microsoft\\Windows\\CurrentVersion",00000000,00000000,00000000,00020019,00000000,0023ec00,00000000,) ret=7efe7e38d5f9 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e38d5f9 | |
| 000b:Call advapi32.RegCreateKeyExW(00000024,7efe7e38f5a0 L"RunServices",00000000,00000000,00000000,00020019,00000000,0023ec08,0023ebe0,) ret=7efe7e38d643 | |
| 000b:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7efe7e38d643 | |
| 000b:Call advapi32.RegCloseKey(00000024,) ret=7efe7e38d65d | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38d65d | |
| 000b:Call advapi32.RegQueryInfoKeyW(00000028,00000000,00000000,00000000,00000000,00000000,00000000,0023ebe4,0023ebec,0023ebe8,00000000,00000000,) ret=7efe7e38d79d | |
| 000b:Ret advapi32.RegQueryInfoKeyW() retval=00000000 ret=7efe7e38d79d | |
| 000b:Call ntdll.RtlAllocateHeap(00010000,00000000,0000005c,) ret=7efe7e38d839 | |
| 000b:Ret ntdll.RtlAllocateHeap() retval=0001cca0 ret=7efe7e38d839 | |
| 000b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7efe7e38d870 | |
| 000b:Ret ntdll.RtlAllocateHeap() retval=0001cd10 ret=7efe7e38d870 | |
| 000b:Call advapi32.RegEnumValueW(00000028,00000000,0001cd10,0023ebf0,00000000,0023ebf8,0001cca0,0023ebf4,) ret=7efe7e38d8f5 | |
| 000b:Ret advapi32.RegEnumValueW() retval=00000000 ret=7efe7e38d8f5 | |
| 000b:Call KERNEL32.CreateProcessW(00000000,0001cca0 L"C:\\windows\\system32\\winemenubuilder.exe -a -r",00000000,00000000,00000000,00000000,00000000,00000000,0023ec30,0023ec10,) ret=7efe7e38d9d2 | |
| 000d:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError" | |
| 000d:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32" | |
| 000d:Call KERNEL32.__wine_kernel_init() ret=7bc63340 | |
| 000b:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7efe7e38d9d2 | |
| 000b:Call KERNEL32.CloseHandle(00000034,) ret=7efe7e38db2c | |
| 000b:Ret KERNEL32.CloseHandle() retval=00000001 ret=7efe7e38db2c | |
| 000b:Call KERNEL32.CloseHandle(00000030,) ret=7efe7e38db36 | |
| 000b:Ret KERNEL32.CloseHandle() retval=00000001 ret=7efe7e38db36 | |
| 000b:Call ntdll.RtlFreeHeap(00010000,00000000,0001cd10,) ret=7efe7e38d690 | |
| 000b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7efe7e38d690 | |
| 000b:Call ntdll.RtlFreeHeap(00010000,00000000,0001cca0,) ret=7efe7e38d6a7 | |
| 000b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7efe7e38d6a7 | |
| 000b:Call advapi32.RegCloseKey(00000028,) ret=7efe7e38d6be | |
| 000b:Ret advapi32.RegCloseKey() retval=00000000 ret=7efe7e38d6be | |
| 000b:Call KERNEL32.GetSystemDirectoryW(0023f440,000000f7,) ret=7efe7e38a32c | |
| 000b:Ret KERNEL32.GetSystemDirectoryW() retval=00000013 ret=7efe7e38a32c | |
| 000b:Call KERNEL32.CreateProcessW(0023f440 L"C:\\windows\\system32\\services.exe",0023f440 L"C:\\windows\\system32\\services.exe",00000000,00000000,00000001,00000008,00000000,00000000,0023eda0,0023ed80,) ret=7efe7e38a3ae | |
| 000f:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError" | |
| 000f:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32" | |
| 000f:Call KERNEL32.__wine_kernel_init() ret=7bc63340 | |
| 000b:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7efe7e38a3ae | |
| 000b:Call KERNEL32.CloseHandle(00000030,) ret=7efe7e38b27d | |
| 000b:Ret KERNEL32.CloseHandle() retval=00000001 ret=7efe7e38b27d | |
| 000b:Call KERNEL32.WaitForMultipleObjects(00000002,0023f230,00000000,ffffffff,) ret=7efe7e38b2cc | |
| 000d:Call PE DLL (proc=0x7bcb99f0,module=0x7bc20000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000d:Ret PE DLL (proc=0x7bcb99f0,module=0x7bc20000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000d:Call PE DLL (proc=0x7b4a66f0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000d:Ret PE DLL (proc=0x7b4a66f0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000d:Call PE DLL (proc=0x7f1c81dbd730,module=0x7f1c81d60000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000d:Ret PE DLL (proc=0x7f1c81dbd730,module=0x7f1c81d60000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000d:Call PE DLL (proc=0x7f1c81654d90,module=0x7f1c815b0000 L"gdi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Call PE DLL (proc=0x7bcb99f0,module=0x7bc20000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Ret PE DLL (proc=0x7bcb99f0,module=0x7bc20000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000f:Call PE DLL (proc=0x7b4a66f0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Ret PE DLL (proc=0x7b4a66f0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000f:Call PE DLL (proc=0x7f9c24b6c730,module=0x7f9c24b10000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Ret PE DLL (proc=0x7f9c24b6c730,module=0x7f9c24b10000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000f:Call PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Ret PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000f:Call PE DLL (proc=0x7f9c248fe1f0,module=0x7f9c248f0000 L"userenv.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Call KERNEL32.DisableThreadLibraryCalls(7f9c248f0000,) ret=7f9c248fb8c8 | |
| 000f:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f9c248fb8c8 | |
| 000f:Ret PE DLL (proc=0x7f9c248fe1f0,module=0x7f9c248f0000 L"userenv.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000f:Starting process L"C:\\windows\\system32\\services.exe" (entryproc=0x7f9c25155a30) | |
| 000f:Call advapi32.RegCreateKeyExW(ffffffff80000002,7f9c25156da0 L"SYSTEM\\CurrentControlSet\\Control\\ServiceCurrent",00000000,00000000,00000001,00000003,00000000,7f9c2535f278,00000000,) ret=7f9c2513b54e | |
| 000f:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7f9c2513b54e | |
| 000f:Call advapi32.RegOpenKeyW(ffffffff80000002,7f9c25156d40 L"System\\CurrentControlSet\\Control",0023fc10,) ret=7f9c2513b59e | |
| 000f:Ret advapi32.RegOpenKeyW() retval=00000000 ret=7f9c2513b59e | |
| 000f:Call advapi32.RegQueryValueExW(00000028,7f9c25156d00 L"ServicesPipeTimeout",00000000,0023fc08,0023fc20,0023fc0c,) ret=7f9c2513b744 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c2513b744 | |
| 000f:Call advapi32.RegQueryValueExW(00000028,7f9c25156cc0 L"WaitToKillServiceTimeout",00000000,0023fc08,0023fc20,0023fc0c,) ret=7f9c2513b77d | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c2513b77d | |
| 000f:Call advapi32.RegCloseKey(00000028,) ret=7f9c2513b79e | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c2513b79e | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000058,) ret=7f9c2513b5c8 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001ef70 ret=7f9c2513b5c8 | |
| 000f:Call KERNEL32.InitializeCriticalSection(0001efa0,) ret=7f9c2513b60b | |
| 000f:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f9c2513b60b | |
| 000f:Call advapi32.RegCreateKeyExW(ffffffff80000002,7f9c251570e0 L"System\\CurrentControlSet\\Services",00000000,00000000,00000000,02000000,00000000,0001ef70,00000000,) ret=7f9c2513b64a | |
| 000f:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7f9c2513b64a | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000000,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f020 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f110 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L".NET CLR Networking 4.0.0.0",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f160 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f190 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c251570a0 L"Type",00000000,0023f924,0001f070,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157090 L"Start",00000000,0023f924,0001f074,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157070 L"ErrorControl",00000000,0023f924,0001f078,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fc8 L"Tag",00000000,0023f924,0001f090,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,0001f0b0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000030,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call KERNEL32.CloseHandle(0000002c,) ret=7f9c251431d1 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c251431d1 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f110,) ret=7f9c251431e9 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251431e9 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143201 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143201 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143219 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143219 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143231 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143231 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c2514324c | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514324c | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143267 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143267 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143282 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143282 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f160,) ret=7f9c2514329d | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514329d | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f190,) ret=7f9c251432b8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432b8 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f020,) ret=7f9c251432e8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432e8 | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000001,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f020 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f110 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L".NET Memory Cache 4.0",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f150 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f180 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c251570a0 L"Type",00000000,0023f924,0001f070,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157090 L"Start",00000000,0023f924,0001f074,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157070 L"ErrorControl",00000000,0023f924,0001f078,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fc8 L"Tag",00000000,0023f924,0001f090,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,0001f0b0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000030,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call KERNEL32.CloseHandle(0000002c,) ret=7f9c251431d1 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c251431d1 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f110,) ret=7f9c251431e9 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251431e9 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143201 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143201 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143219 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143219 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143231 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143231 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c2514324c | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514324c | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143267 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143267 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143282 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143282 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f150,) ret=7f9c2514329d | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514329d | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f180,) ret=7f9c251432b8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432b8 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f020,) ret=7f9c251432e8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432e8 | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000002,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f020 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f110 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"ASP.NET",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f140 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f170 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c251570a0 L"Type",00000000,0023f924,0001f070,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157090 L"Start",00000000,0023f924,0001f074,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157070 L"ErrorControl",00000000,0023f924,0001f078,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fc8 L"Tag",00000000,0023f924,0001f090,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,0001f0b0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000030,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call KERNEL32.CloseHandle(0000002c,) ret=7f9c251431d1 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c251431d1 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f110,) ret=7f9c251431e9 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251431e9 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143201 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143201 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143219 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143219 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143231 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143231 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c2514324c | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514324c | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143267 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143267 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143282 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143282 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f140,) ret=7f9c2514329d | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514329d | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f170,) ret=7f9c251432b8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432b8 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f020,) ret=7f9c251432e8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432e8 | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000003,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f020 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000024,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f110 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"ASP.NET_4.0.30319",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f150 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f180 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c251570a0 L"Type",00000000,0023f924,0001f070,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157090 L"Start",00000000,0023f924,0001f074,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157070 L"ErrorControl",00000000,0023f924,0001f078,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fc8 L"Tag",00000000,0023f924,0001f090,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,0001f0b0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000030,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call KERNEL32.CloseHandle(0000002c,) ret=7f9c251431d1 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c251431d1 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f110,) ret=7f9c251431e9 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251431e9 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143201 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143201 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143219 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143219 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143231 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143231 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c2514324c | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514324c | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143267 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143267 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143282 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143282 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f150,) ret=7f9c2514329d | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514329d | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f180,) ret=7f9c251432b8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432b8 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f020,) ret=7f9c251432e8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432e8 | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000004,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f020 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f110 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"BITS",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000058,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f140 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157050 L"ImagePath",00000000,0023f904,0001f140,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f1b0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fd0 L"ObjectName",00000000,0023f904,0001f1b0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f1e0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c251570b0 L"DisplayName",00000000,0023f904,0001f1e0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f210 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fb0 L"Description",00000000,0023f904,0001f210,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f240 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f270 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c251570a0 L"Type",00000000,0023f924,0001f070,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157090 L"Start",00000000,0023f924,0001f074,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25157070 L"ErrorControl",00000000,0023f924,0001f078,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156fc8 L"Tag",00000000,0023f924,0001f090,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,0001f0b0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000030,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000030,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000005,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f2a0 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003e,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f390 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"clr_optimization_v4.0.30319_32",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000078,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f3e0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c25157050 L"ImagePath",00000000,0023f904,0001f3e0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f470 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c25156fd0 L"ObjectName",00000000,0023f904,0001f470,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000005c,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f4a0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c251570b0 L"DisplayName",00000000,0023f904,0001f4a0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003e,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f510 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c25156fb0 L"Description",00000000,0023f904,0001f510,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f560 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f590 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c251570a0 L"Type",00000000,0023f924,0001f2f0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c25157090 L"Start",00000000,0023f924,0001f2f4,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c25157070 L"ErrorControl",00000000,0023f924,0001f2f8,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c25156fc8 L"Tag",00000000,0023f924,0001f310,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,0001f330,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000034,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000034,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000006,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f5c0 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003e,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f6b0 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"clr_optimization_v4.0.30319_64",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000007c,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f700 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c25157050 L"ImagePath",00000000,0023f904,0001f700,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f790 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c25156fd0 L"ObjectName",00000000,0023f904,0001f790,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000005c,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f7c0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c251570b0 L"DisplayName",00000000,0023f904,0001f7c0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003e,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f830 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c25156fb0 L"Description",00000000,0023f904,0001f830,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f880 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f8b0 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c251570a0 L"Type",00000000,0023f924,0001f610,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c25157090 L"Start",00000000,0023f924,0001f614,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c25157070 L"ErrorControl",00000000,0023f924,0001f618,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c25156fc8 L"Tag",00000000,0023f924,0001f630,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,0001f650,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000038,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000038,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000007,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f8e0 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f9d0 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"Eventlog",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001fa00 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001fa30 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c251570a0 L"Type",00000000,0023f924,0001f930,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25157090 L"Start",00000000,0023f924,0001f934,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25157070 L"ErrorControl",00000000,0023f924,0001f938,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25156fc8 L"Tag",00000000,0023f924,0001f950,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,0001f970,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(0000003c,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call KERNEL32.CloseHandle(00000038,) ret=7f9c251431d1 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c251431d1 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f9d0,) ret=7f9c251431e9 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251431e9 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143201 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143201 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143219 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143219 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143231 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143231 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c2514324c | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514324c | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143267 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143267 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143282 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143282 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001fa00,) ret=7f9c2514329d | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514329d | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001fa30,) ret=7f9c251432b8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432b8 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,0001f8e0,) ret=7f9c251432e8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432e8 | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000008,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f8e0 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001f9d0 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"FontCache",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000058,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001fa00 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25157050 L"ImagePath",00000000,0023f904,0001fa00,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000d:Ret PE DLL (proc=0x7f1c81654d90,module=0x7f1c815b0000 L"gdi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000d:Call PE DLL (proc=0x7f1c813979e0,module=0x7f1c81390000 L"version.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000d:Call KERNEL32.DisableThreadLibraryCalls(7f1c81390000,) ret=7f1c81397b31 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000d:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f1c81397b31 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000d:Ret PE DLL (proc=0x7f1c813979e0,module=0x7f1c81390000 L"version.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001fa70 ret=7f9c25145035 | |
| 000d:Call PE DLL (proc=0x7f1c819ee370,module=0x7f1c81940000 L"user32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25156fd0 L"ObjectName",00000000,0023f904,0001fa70,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001faa0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c251570b0 L"DisplayName",00000000,0023f904,0001faa0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001faf0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25156fb0 L"Description",00000000,0023f904,0001faf0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001fb40 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001fb70 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c251570a0 L"Type",00000000,0023f924,0001f930,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25157090 L"Start",00000000,0023f924,0001f934,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25157070 L"ErrorControl",00000000,0023f924,0001f938,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25156fc8 L"Tag",00000000,0023f924,0001f950,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,0001f970,0023f920,) ret=7f9c25145332 | |
| 000d:Call PE DLL (proc=0x7f1c7f6a6ea0,module=0x7f1c7f690000 L"imm32.dll",reason=PROCESS_ATTACH,res=(nil)) | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000003c,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000d:Call user32.User32InitializeImmEntryTable(19650412,) ret=7f1c7f6a4816 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(0000003c,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000d:Ret user32.User32InitializeImmEntryTable() retval=00000001 ret=7f1c7f6a4816 | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000009,0023f980,00000104,) ret=7f9c251433e0 | |
| 000d:Ret PE DLL (proc=0x7f1c7f6a6ea0,module=0x7f1c7f690000 L"imm32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000d:Ret PE DLL (proc=0x7f1c819ee370,module=0x7f1c81940000 L"user32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000d:Call PE DLL (proc=0x7f1c81152c70,module=0x7f1c81100000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001fba0 ret=7f9c25142903 | |
| 000d:Ret PE DLL (proc=0x7f1c81152c70,module=0x7f1c81100000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000d:Call PE DLL (proc=0x7f1c82104a40,module=0x7f1c82010000 L"ole32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7f9c25144e48 | |
| 000d:Ret PE DLL (proc=0x7f1c82104a40,module=0x7f1c82010000 L"ole32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000d:Call PE DLL (proc=0x7f1c80e648a0,module=0x7f1c80d90000 L"oleaut32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001fc90 ret=7f9c25144e48 | |
| 000d:Call KERNEL32.GetEnvironmentVariableW(7f1c80e678b0 L"oanocache",00000000,00000000,) ret=7f1c80da5799 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"FontCache3.0.0.0",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000d:Ret KERNEL32.GetEnvironmentVariableW() retval=00000000 ret=7f1c80da5799 | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000d:Call KERNEL32.DisableThreadLibraryCalls(7f1c80d90000,) ret=7f1c80e05f75 | |
| 000d:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f1c80e05f75 | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000d:Ret PE DLL (proc=0x7f1c80e648a0,module=0x7f1c80d90000 L"oleaut32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000d:Call PE DLL (proc=0x7f1c80b5e630,module=0x7f1c80b50000 L"propsys.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000d:Call KERNEL32.DisableThreadLibraryCalls(7f1c80b50000,) ret=7f1c80b5af2f | |
| 000d:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f1c80b5af2f | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000008e,) ret=7f9c25145035 | |
| 000d:Ret PE DLL (proc=0x7f1c80b5e630,module=0x7f1c80b50000 L"propsys.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000d:Call PE DLL (proc=0x7f1c80916130,module=0x7f1c808d0000 L"shlwapi.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001fcd0 ret=7f9c25145035 | |
| 000d:Call KERNEL32.DisableThreadLibraryCalls(7f1c808d0000,) ret=7f1c809037cf | |
| 000d:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f1c809037cf | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c25157050 L"ImagePath",00000000,0023f904,0001fcd0,0023f900,) ret=7f9c25145059 | |
| 000d:Call KERNEL32.TlsAlloc() ret=7f1c809037db | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000d:Ret KERNEL32.TlsAlloc() retval=00000001 ret=7f1c809037db | |
| 000d:Ret PE DLL (proc=0x7f1c80916130,module=0x7f1c808d0000 L"shlwapi.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000d:Call PE DLL (proc=0x7f1c82434f80,module=0x7f1c823a0000 L"windowscodecs.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000d:Call KERNEL32.DisableThreadLibraryCalls(7f1c823a0000,) ret=7f1c823d6e23 | |
| 000d:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f1c823d6e23 | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000d:Call KERNEL32.DisableThreadLibraryCalls(7f1c823a0000,) ret=7f1c823faaa5 | |
| 000d:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f1c823faaa5 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000d:Ret PE DLL (proc=0x7f1c82434f80,module=0x7f1c823a0000 L"windowscodecs.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000d:Call PE DLL (proc=0x7f1c804f7ea0,module=0x7f1c80440000 L"shell32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000d:Call KERNEL32.DisableThreadLibraryCalls(7f1c80440000,) ret=7f1c8048421a | |
| 000d:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f1c8048421a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001fd70 ret=7f9c25145035 | |
| 000d:Call KERNEL32.GetModuleFileNameW(7f1c80440000,7f1c808b6580,00000104,) ret=7f1c8048422f | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c25156fd0 L"ObjectName",00000000,0023f904,0001fd70,0023f900,) ret=7f9c25145059 | |
| 000d:Ret KERNEL32.GetModuleFileNameW() retval=0000001f ret=7f1c8048422f | |
| 000d:Ret PE DLL (proc=0x7f1c804f7ea0,module=0x7f1c80440000 L"shell32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000d:Starting process L"C:\\windows\\system32\\winemenubuilder.exe" (entryproc=0x7f1c827915d0) | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000d:Call KERNEL32.GetCommandLineW() ret=7f1c827916a1 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000d:Ret KERNEL32.GetCommandLineW() retval=00120768 ret=7f1c827916a1 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000068,) ret=7f9c25145035 | |
| 000d:Call KERNEL32.GetStartupInfoW(0023fc60,) ret=7f1c8279171f | |
| 000d:Ret KERNEL32.GetStartupInfoW() retval=00000004 ret=7f1c8279171f | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001fda0 ret=7f9c25145035 | |
| 000d:Call KERNEL32.GetModuleHandleW(00000000,) ret=7f1c82791744 | |
| 000d:Ret KERNEL32.GetModuleHandleW() retval=7f1c82780000 ret=7f1c82791744 | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c251570b0 L"DisplayName",00000000,0023f904,0001fda0,0023f900,) ret=7f9c25145059 | |
| 000d:Call shell32.SHGetFolderPathW(00000000,00000000,00000000,00000000,0023f700,) ret=7f1c8278a625 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000d:Call advapi32.RegCreateKeyW(ffffffff80000001,7f1c80509580 L"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",0023e968,) ret=7f1c804b0b00 | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000d:Ret advapi32.RegCreateKeyW() retval=00000000 ret=7f1c804b0b00 | |
| 000d:Call advapi32.RegCreateKeyW(ffffffff80000001,7f1c805094e0 L"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",0023e960,) ret=7f1c804b0b94 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000d:Ret advapi32.RegCreateKeyW() retval=00000000 ret=7f1c804b0b94 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000068,) ret=7f9c25145035 | |
| 000d:Call advapi32.RegQueryValueExW(00000060,7f1c8050b110 L"Desktop",00000000,0023e958,0023f320,0023e95c,) ret=7f1c804b0bcd | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001fe20 ret=7f9c25145035 | |
| 000d:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f1c804b0bcd | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c25156fb0 L"Description",00000000,0023f904,0001fe20,0023f900,) ret=7f9c25145059 | |
| 000d:Call advapi32.RegCreateKeyExW(ffffffff80000002,7f1c80509680 L"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",00000000,00000000,00000000,000f003f,00000000,0023e0c0,0023e0c8,) ret=7f1c804b02a3 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000d:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7f1c804b02a3 | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000d:Call KERNEL32.GetSystemDirectoryW(0023e700,00000104,) ret=7f1c804b07d2 | |
| 000d:Ret KERNEL32.GetSystemDirectoryW() retval=00000013 ret=7f1c804b07d2 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000d:Call advapi32.RegQueryValueExW(00000064,7f1c80509640 L"ProfilesDirectory",00000000,0023e050,0023e2e0,0023e054,) ret=7f1c804af98c | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000d:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f1c804af98c | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001fea0 ret=7f9c251452d3 | |
| 000d:Call advapi32.GetUserNameW(0023e700,0023e0c8,) ret=7f1c804b04db | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000d:Ret advapi32.GetUserNameW() retval=00000001 ret=7f1c804b04db | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000d:Call shlwapi.PathAppendW(0023ed90 L"C:\\users",0023e700 L"main",) ret=7f1c804b04e6 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000d:Ret shlwapi.PathAppendW() retval=00000001 ret=7f1c804b04e6 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001fed0 ret=7f9c251452d3 | |
| 000d:Call shlwapi.PathAppendW(0023ed90 L"C:\\users\\main",0023e0ea L"\\Desktop",) ret=7f1c804b0535 | |
| 000d:Ret shlwapi.PathAppendW() retval=00000001 ret=7f1c804b0535 | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c251570a0 L"Type",00000000,0023f924,0001fbf0,0023f920,) ret=7f9c25145332 | |
| 000d:Call advapi32.RegCloseKey(00000064,) ret=7f1c804b019a | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000d:Ret advapi32.RegCloseKey() retval=00000000 ret=7f1c804b019a | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c25157090 L"Start",00000000,0023f924,0001fbf4,0023f920,) ret=7f9c25145332 | |
| 000d:Call advapi32.RegSetValueExW(0000005c,7f1c8050b110 L"Desktop",00000000,00000001,0023f320,0000002c,) ret=7f1c804b0c40 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000d:Ret advapi32.RegSetValueExW() retval=00000000 ret=7f1c804b0c40 | |
| 000d:Call advapi32.RegCloseKey(0000005c,) ret=7f1c804b0c6e | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c25157070 L"ErrorControl",00000000,0023f924,0001fbf8,0023f920,) ret=7f9c25145332 | |
| 000d:Ret advapi32.RegCloseKey() retval=00000000 ret=7f1c804b0c6e | |
| 000d:Call advapi32.RegCloseKey(00000060,) ret=7f1c804b0c78 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000d:Ret advapi32.RegCloseKey() retval=00000000 ret=7f1c804b0c78 | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c25156fc8 L"Tag",00000000,0023f924,0001fc10,0023f920,) ret=7f9c25145332 | |
| 000d:Call shlwapi.PathFileExistsW(0023f110 L"C:\\users\\main\\Desktop",) ret=7f1c804b6017 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000d:Call KERNEL32.SetErrorMode(00000001,) ret=7f1c808f103f | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,0001fc30,0023f920,) ret=7f9c25145332 | |
| 000d:Ret KERNEL32.SetErrorMode() retval=00000000 ret=7f1c808f103f | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000d:Call KERNEL32.GetFileAttributesW(0023f110 L"C:\\users\\main\\Desktop",) ret=7f1c808f1049 | |
| 000f:Call advapi32.RegQueryValueExW(00000040,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000d:Ret KERNEL32.GetFileAttributesW() retval=00000410 ret=7f1c808f1049 | |
| 000d:Call KERNEL32.SetErrorMode(00000000,) ret=7f1c808f1052 | |
| 000d:Ret KERNEL32.SetErrorMode() retval=00000001 ret=7f1c808f1052 | |
| 000d:Ret shlwapi.PathFileExistsW() retval=00000001 ret=7f1c804b6017 | |
| 000d:Ret shell32.SHGetFolderPathW() retval=00000000 ret=7f1c8278a625 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000d:Call KERNEL32.wine_get_unix_file_name(0023f700 L"C:\\users\\main\\Desktop",) ret=7f1c8278a754 | |
| 000f:Call advapi32.RegCloseKey(00000040,) ret=7f9c251438ee | |
| 000d:Ret KERNEL32.wine_get_unix_file_name() retval=0003a700 ret=7f1c8278a754 | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00001000,) ret=7f1c82787a12 | |
| 000f:Call advapi32.RegEnumKeyW(00000028,0000000a,0023f980,00000104,) ret=7f9c251433e0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0003a850 ret=7f1c82787a12 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000d:Call ntdll.RtlReAllocateHeap(00010000,00000000,0003a850,0000002d,) ret=7f1c82787a97 | |
| 000d:Ret ntdll.RtlReAllocateHeap() retval=0003a850 ret=7f1c82787a97 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00001000,) ret=7f1c82787a12 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0003a890 ret=7f1c82787a12 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001ff00 ret=7f9c25142903 | |
| 000d:Call ntdll.RtlReAllocateHeap(00010000,00000000,0003a890,00000018,) ret=7f1c82787a97 | |
| 000d:Ret ntdll.RtlReAllocateHeap() retval=0003a890 ret=7f1c82787a97 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25144e48 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00001000,) ret=7f1c82787a12 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0003a8c0 ret=7f1c82787a12 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=0001fff0 ret=7f9c25144e48 | |
| 000d:Call ntdll.RtlReAllocateHeap(00010000,00000000,0003a8c0,0000002c,) ret=7f1c82787a97 | |
| 000d:Ret ntdll.RtlReAllocateHeap() retval=0003a8c0 ret=7f1c82787a97 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"LanmanServer",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000d:Call ntdll.RtlFreeHeap(00010000,00000000,0003a8c0,) ret=7f1c8278a715 | |
| 000d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f1c8278a715 | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000d:Call ole32.CoInitialize(00000000,) ret=7f1c8278e567 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000008,00000120,) ret=7f1c8202cf45 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0003a8c0 ret=7f1c8202cf45 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000048,) ret=7f1c8205e805 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00039d20 ret=7f1c8205e805 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000058,) ret=7f9c25145035 | |
| 000d:Call KERNEL32.InitializeCriticalSection(00039d40,) ret=7f1c8205e842 | |
| 000d:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f1c8205e842 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020020 ret=7f9c25145035 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000008,000000c8,) ret=7f1c820285f6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0003a9f0 ret=7f1c820285f6 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c25157050 L"ImagePath",00000000,0023f904,00020020,0023f900,) ret=7f9c25145059 | |
| 000d:Call KERNEL32.InitializeCriticalSection(0003aa20,) ret=7f1c8202865a | |
| 000d:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f1c8202865a | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000d:Call KERNEL32.InitOnceExecuteOnce(7f1c823837d0,7f1c82027e10,00000000,00000000,) ret=7f1c82029701 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000d:Call user32.RegisterClassW(0023f530,) ret=7f1c82027eb4 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020090 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c25156fd0 L"ObjectName",00000000,0023f904,00020090,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001e,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000200c0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c251570b0 L"DisplayName",00000000,0023f904,000200c0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001e,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000200f0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c25156fb0 L"Description",00000000,0023f904,000200f0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020120 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020150 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c251570a0 L"Type",00000000,0023f924,0001ff50,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c25157090 L"Start",00000000,0023f924,0001ff54,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c25157070 L"ErrorControl",00000000,0023f924,0001ff58,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c25156fc8 L"Tag",00000000,0023f924,0001ff70,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,0001ff90,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000044,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000044,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call advapi32.RegEnumKeyW(00000028,0000000b,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020180 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020270 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"MountMgr",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000054,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000202a0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c25157050 L"ImagePath",00000000,0023f904,000202a0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020310 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c25156fd0 L"ObjectName",00000000,0023f904,00020310,0023f900,) ret=7f9c25145059 | |
| 0011:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError" | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 0011:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32" | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001e,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020340 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c251570b0 L"DisplayName",00000000,0023f904,00020340,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000032,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020370 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c25156fb0 L"Description",00000000,0023f904,00020370,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000203c0 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000203f0 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c251570a0 L"Type",00000000,0023f924,000201d0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c25157090 L"Start",00000000,0023f924,000201d4,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c25157070 L"ErrorControl",00000000,0023f924,000201d8,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c25156fc8 L"Tag",00000000,0023f924,000201f0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,00020210,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000048,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000048,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call advapi32.RegEnumKeyW(00000028,0000000c,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020420 ret=7f9c25142903 | |
| 0011:Call KERNEL32.__wine_kernel_init() ret=7bc63340 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002a,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020510 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"MSDTC Bridge 4.0.0.0",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020550 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020580 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c251570a0 L"Type",00000000,0023f924,00020470,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25157090 L"Start",00000000,0023f924,00020474,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25157070 L"ErrorControl",00000000,0023f924,00020478,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25156fc8 L"Tag",00000000,0023f924,00020490,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,000204b0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(0000004c,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call KERNEL32.CloseHandle(00000048,) ret=7f9c251431d1 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c251431d1 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00020510,) ret=7f9c251431e9 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251431e9 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143201 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143201 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143219 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143219 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143231 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143231 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c2514324c | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514324c | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143267 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143267 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143282 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143282 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00020550,) ret=7f9c2514329d | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514329d | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00020580,) ret=7f9c251432b8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432b8 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00020420,) ret=7f9c251432e8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432e8 | |
| 000f:Call advapi32.RegEnumKeyW(00000028,0000000d,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020420 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020510 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"MSIServer",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000048,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020540 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25157050 L"ImagePath",00000000,0023f904,00020540,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000205a0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25156fd0 L"ObjectName",00000000,0023f904,000205a0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000205d0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c251570b0 L"DisplayName",00000000,0023f904,000205d0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020600 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25156fb0 L"Description",00000000,0023f904,00020600,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020640 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020670 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c251570a0 L"Type",00000000,0023f924,00020470,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 0011:Call PE DLL (proc=0x7bcb99f0,module=0x7bc20000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25157090 L"Start",00000000,0023f924,00020474,0023f920,) ret=7f9c25145332 | |
| 0011:Ret PE DLL (proc=0x7bcb99f0,module=0x7bc20000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 0011:Call PE DLL (proc=0x7b4a66f0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25157070 L"ErrorControl",00000000,0023f924,00020478,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25156fc8 L"Tag",00000000,0023f924,00020490,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,000204b0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000004c,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 0011:Ret PE DLL (proc=0x7b4a66f0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 0011:Call PE DLL (proc=0x7fc24bf00730,module=0x7fc24beb0000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Call advapi32.RegCloseKey(0000004c,) ret=7f9c251438ee | |
| 0011:Ret PE DLL (proc=0x7fc24bf00730,module=0x7fc24beb0000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 0011:Call PE DLL (proc=0x7fc24c18cc70,module=0x7fc24c140000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 0011:Ret PE DLL (proc=0x7fc24c18cc70,module=0x7fc24c140000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 0011:Call PE DLL (proc=0x7fc24b797d90,module=0x7fc24b6f0000 L"gdi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Call advapi32.RegEnumKeyW(00000028,0000000e,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000206a0 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020790 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"PlugPlay",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000044,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000207c0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c25157050 L"ImagePath",00000000,0023f904,000207c0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020820 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c25156fd0 L"ObjectName",00000000,0023f904,00020820,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002e,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020850 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c251570b0 L"DisplayName",00000000,0023f904,00020850,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000058,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020890 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c25156fb0 L"Description",00000000,0023f904,00020890,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020900 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020930 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c251570a0 L"Type",00000000,0023f924,000206f0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c25157090 L"Start",00000000,0023f924,000206f4,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c25157070 L"ErrorControl",00000000,0023f924,000206f8,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c25156fc8 L"Tag",00000000,0023f924,00020710,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,00020730,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000050,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000050,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call advapi32.RegEnumKeyW(00000028,0000000f,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020960 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020a50 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"RpcSs",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003e,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020a80 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c25157050 L"ImagePath",00000000,0023f904,00020a80,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020ad0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c25156fd0 L"ObjectName",00000000,0023f904,00020ad0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020b00 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c251570b0 L"DisplayName",00000000,0023f904,00020b00,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020b50 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c25156fb0 L"Description",00000000,0023f904,00020b50,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020b80 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020bb0 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c251570a0 L"Type",00000000,0023f924,000209b0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c25157090 L"Start",00000000,0023f924,000209b4,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c25157070 L"ErrorControl",00000000,0023f924,000209b8,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c25156fc8 L"Tag",00000000,0023f924,000209d0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,000209f0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000054,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000054,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000010,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020be0 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020cd0 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"Schedule",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000058,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020d00 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c25157050 L"ImagePath",00000000,0023f904,00020d00,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020d70 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c25156fd0 L"ObjectName",00000000,0023f904,00020d70,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020da0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c251570b0 L"DisplayName",00000000,0023f904,00020da0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020dd0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c25156fb0 L"Description",00000000,0023f904,00020dd0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020e00 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020e30 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c251570a0 L"Type",00000000,0023f924,00020c30,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c25157090 L"Start",00000000,0023f924,00020c34,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c25157070 L"ErrorControl",00000000,0023f924,00020c38,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c25156fc8 L"Tag",00000000,0023f924,00020c50,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,00020c70,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000058,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000058,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000011,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020e60 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020f50 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"SharedAccess",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020f80 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020fb0 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c251570a0 L"Type",00000000,0023f924,00020eb0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157090 L"Start",00000000,0023f924,00020eb4,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157070 L"ErrorControl",00000000,0023f924,00020eb8,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156fc8 L"Tag",00000000,0023f924,00020ed0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,00020ef0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(0000005c,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call KERNEL32.CloseHandle(00000058,) ret=7f9c251431d1 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c251431d1 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00020f50,) ret=7f9c251431e9 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251431e9 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143201 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143201 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143219 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143219 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143231 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143231 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c2514324c | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514324c | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143267 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143267 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143282 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143282 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00020f80,) ret=7f9c2514329d | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514329d | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00020fb0,) ret=7f9c251432b8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432b8 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00020e60,) ret=7f9c251432e8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432e8 | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000012,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020e60 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000024,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020f50 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"SMSvcHost 4.0.0.0",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020f90 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020fc0 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c251570a0 L"Type",00000000,0023f924,00020eb0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157090 L"Start",00000000,0023f924,00020eb4,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157070 L"ErrorControl",00000000,0023f924,00020eb8,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156fc8 L"Tag",00000000,0023f924,00020ed0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,00020ef0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(0000005c,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call KERNEL32.CloseHandle(00000058,) ret=7f9c251431d1 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c251431d1 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00020f50,) ret=7f9c251431e9 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251431e9 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143201 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143201 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143219 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143219 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143231 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143231 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c2514324c | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514324c | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143267 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143267 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143282 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143282 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00020f90,) ret=7f9c2514329d | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514329d | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00020fc0,) ret=7f9c251432b8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432b8 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00020e60,) ret=7f9c251432e8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432e8 | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000013,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020e60 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020f50 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"Spooler",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000042,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020f80 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157050 L"ImagePath",00000000,0023f904,00020f80,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00020fe0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157040 L"Group",00000000,0023f904,00020fe0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 0011:Ret PE DLL (proc=0x7fc24b797d90,module=0x7fc24b6f0000 L"gdi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 0011:Call PE DLL (proc=0x7fc24b4da9e0,module=0x7fc24b4d0000 L"version.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021010 ret=7f9c25145035 | |
| 0011:Call KERNEL32.DisableThreadLibraryCalls(7fc24b4d0000,) ret=7fc24b4dab31 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156fd0 L"ObjectName",00000000,0023f904,00021010,0023f900,) ret=7f9c25145059 | |
| 0011:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7fc24b4dab31 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 0011:Ret PE DLL (proc=0x7fc24b4da9e0,module=0x7fc24b4d0000 L"version.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 0011:Call PE DLL (proc=0x7fc24bb31370,module=0x7fc24ba80000 L"user32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001e,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021040 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c251570b0 L"DisplayName",00000000,0023f904,00021040,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000054,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021070 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156fb0 L"Description",00000000,0023f904,00021070,0023f900,) ret=7f9c25145059 | |
| 0011:Call PE DLL (proc=0x7fc24a742ea0,module=0x7fc24a730000 L"imm32.dll",reason=PROCESS_ATTACH,res=(nil)) | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 0011:Call user32.User32InitializeImmEntryTable(19650412,) ret=7fc24a740816 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 0011:Ret user32.User32InitializeImmEntryTable() retval=00000001 ret=7fc24a740816 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 0011:Ret PE DLL (proc=0x7fc24a742ea0,module=0x7fc24a730000 L"imm32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 0011:Ret PE DLL (proc=0x7fc24bb31370,module=0x7fc24ba80000 L"user32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000210e0 ret=7f9c251452d3 | |
| 0011:Starting process L"C:\\windows\\system32\\explorer.exe" (entryproc=0x7fc24c4e4940) | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 0011:Call KERNEL32.GetCommandLineW() ret=7fc24c4e4a11 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 0011:Ret KERNEL32.GetCommandLineW() retval=0012075a ret=7fc24c4e4a11 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 0011:Call KERNEL32.GetStartupInfoW(0023fc60,) ret=7fc24c4e4a8f | |
| 0011:Ret KERNEL32.GetStartupInfoW() retval=0000000c ret=7fc24c4e4a8f | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021110 ret=7f9c251452d3 | |
| 0011:Call KERNEL32.GetModuleHandleW(00000000,) ret=7fc24c4e4ab4 | |
| 0011:Ret KERNEL32.GetModuleHandleW() retval=7fc24c4c0000 ret=7fc24c4e4ab4 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c251570a0 L"Type",00000000,0023f924,00020eb0,0023f920,) ret=7f9c25145332 | |
| 0011:Call user32.GetThreadDesktop(00000011,) ret=7fc24c4de5e6 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 0011:Ret user32.GetThreadDesktop() retval=0000003c ret=7fc24c4de5e6 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157090 L"Start",00000000,0023f924,00020eb4,0023f920,) ret=7f9c25145332 | |
| 0011:Call user32.GetUserObjectInformationW(0000003c,00000002,7fc24c6f3ca0,00000104,00000000,) ret=7fc24c4de613 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 0011:Ret user32.GetUserObjectInformationW() retval=00000001 ret=7fc24c4de613 | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25157070 L"ErrorControl",00000000,0023f924,00020eb8,0023f920,) ret=7f9c25145332 | |
| 0011:Call advapi32.RegOpenKeyW(ffffffff80000001,7fc24c4e73e0 L"Software\\Wine\\Explorer",0023ef70,) ret=7fc24c4de63e | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 0011:Ret advapi32.RegOpenKeyW() retval=00000002 ret=7fc24c4de63e | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156fc8 L"Tag",00000000,0023f924,00020ed0,0023f920,) ret=7f9c25145332 | |
| 0011:Call rpcrt4.UuidCreate(0023efe0,) ret=7fc24c4df09f | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 0011:Call advapi32.SystemFunction036(0023efe0,00000010,) ret=7fc24c188adb | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,00020ef0,0023f920,) ret=7f9c25145332 | |
| 0011:Ret advapi32.SystemFunction036() retval=00000001 ret=7fc24c188adb | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 0011:Ret rpcrt4.UuidCreate() retval=00000000 ret=7fc24c4df09f | |
| 000f:Call advapi32.RegQueryValueExW(0000005c,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 0011:Call advapi32.RegOpenKeyW(ffffffff80000001,7fc24c4e72e0 L"Software\\Wine\\Drivers",0023ef70,) ret=7fc24c4df10c | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 0011:Ret advapi32.RegOpenKeyW() retval=00000002 ret=7fc24c4df10c | |
| 000f:Call advapi32.RegCloseKey(0000005c,) ret=7f9c251438ee | |
| 0011:Call KERNEL32.LoadLibraryW(0023eff0 L"winex11.drv",) ret=7fc24c4de7f8 | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000014,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021140 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021230 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"StiSvc",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000056,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021260 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c25157050 L"ImagePath",00000000,0023f904,00021260,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000212d0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c25156fd0 L"ObjectName",00000000,0023f904,000212d0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021300 ret=7f9c25145035 | |
| 0011:Call PE DLL (proc=0x7fc24a4ea7f0,module=0x7fc24a4a0000 L"winex11.drv",reason=PROCESS_ATTACH,res=(nil)) | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c251570b0 L"DisplayName",00000000,0023f904,00021300,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021330 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c25156fb0 L"Description",00000000,0023f904,00021330,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021360 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021390 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c251570a0 L"Type",00000000,0023f924,00021190,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c25157090 L"Start",00000000,0023f924,00021194,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c25157070 L"ErrorControl",00000000,0023f924,00021198,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c25156fc8 L"Tag",00000000,0023f924,000211b0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,000211d0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000060,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000060,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000015,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000213c0 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000214b0 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"Tcpip",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000214e0 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021510 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c251570a0 L"Type",00000000,0023f924,00021410,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25157090 L"Start",00000000,0023f924,00021414,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25157070 L"ErrorControl",00000000,0023f924,00021418,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25156fc8 L"Tag",00000000,0023f924,00021430,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,00021450,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000064,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call KERNEL32.CloseHandle(00000060,) ret=7f9c251431d1 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c251431d1 | |
| 0011:Ret PE DLL (proc=0x7fc24a4ea7f0,module=0x7fc24a4a0000 L"winex11.drv",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000214b0,) ret=7f9c251431e9 | |
| 0011:Ret KERNEL32.LoadLibraryW() retval=7fc24a4a0000 ret=7fc24c4de7f8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251431e9 | |
| 0011:Call KERNEL32.GetModuleFileNameW(7fc24a4a0000,0023f140,00000104,) ret=7fc24c4def7f | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143201 | |
| 0011:Ret KERNEL32.GetModuleFileNameW() retval=0000001f ret=7fc24c4def7f | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143201 | |
| 0011:Call advapi32.RegCreateKeyExW(ffffffff80000002,0023f030 L"System\\CurrentControlSet\\Control\\Video\\{86fee39f-2d4a-4300-8a03-6575f3e05579}\\0000",00000000,00000000,00000001,00000002,00000000,0023ef70,00000000,) ret=7fc24c4de930 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143219 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143219 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143231 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143231 | |
| 0011:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7fc24c4de930 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c2514324c | |
| 0011:Call advapi32.RegSetValueExW(00000048,7fc24c4e71a0 L"GraphicsDriver",00000000,00000001,0023f140,00000040,) ret=7fc24c4de98b | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514324c | |
| 0011:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fc24c4de98b | |
| 0011:Call advapi32.RegCloseKey(00000048,) ret=7fc24c4de99d | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143267 | |
| 0011:Ret advapi32.RegCloseKey() retval=00000000 ret=7fc24c4de99d | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143267 | |
| 0011:Call user32.CreateWindowExW(00000000,00008001,00000000,86000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,0023efe0,) ret=7fc24c4de9cc | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143282 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143282 | |
| 0011:Call window proc 0x7fc24baad890 (hwnd=0x10020,msg=WM_NCCREATE,wp=00000000,lp=0023ecf0) | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000214e0,) ret=7f9c2514329d | |
| 0011:Ret window proc 0x7fc24baad890 (hwnd=0x10020,msg=WM_NCCREATE,wp=00000000,lp=0023ecf0) retval=00000001 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514329d | |
| 0011:Call window proc 0x7fc24baad890 (hwnd=0x10020,msg=WM_NCCALCSIZE,wp=00000000,lp=0023eb20) | |
| 0011:Ret window proc 0x7fc24baad890 (hwnd=0x10020,msg=WM_NCCALCSIZE,wp=00000000,lp=0023eb20) retval=00000000 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021510,) ret=7f9c251432b8 | |
| 0011:Call window proc 0x7fc24baad890 (hwnd=0x10020,msg=WM_CREATE,wp=00000000,lp=0023ecf0) | |
| 0011:Ret window proc 0x7fc24baad890 (hwnd=0x10020,msg=WM_CREATE,wp=00000000,lp=0023ecf0) retval=00000000 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432b8 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000213c0,) ret=7f9c251432e8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432e8 | |
| 0011:Call winex11.drv.wine_get_gdi_driver(0000002f,) ret=7fc24b74b59f | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000016,0023f980,00000104,) ret=7f9c251433e0 | |
| 0011:Ret winex11.drv.wine_get_gdi_driver() retval=7fc24a711f20 ret=7fc24b74b59f | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000213c0 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000214b0 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"TermService",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000040,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000214e0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25157050 L"ImagePath",00000000,0023f904,000214e0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021530 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25156fd0 L"ObjectName",00000000,0023f904,00021530,0023f900,) ret=7f9c25145059 | |
| 0011:Call winex11.drv.CreateWindow(00010020,) ret=7fc24bab41d3 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000026,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021560 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c251570b0 L"DisplayName",00000000,0023f904,00021560,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002e,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000215a0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25156fb0 L"Description",00000000,0023f904,000215a0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000215e0 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021610 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c251570a0 L"Type",00000000,0023f924,00021410,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25157090 L"Start",00000000,0023f924,00021414,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25157070 L"ErrorControl",00000000,0023f924,00021418,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25156fc8 L"Tag",00000000,0023f924,00021430,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,00021450,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000064,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000064,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000017,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021640 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021730 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"VxD",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021760 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021790 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c251570a0 L"Type",00000000,0023f924,00021690,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157090 L"Start",00000000,0023f924,00021694,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157070 L"ErrorControl",00000000,0023f924,00021698,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156fc8 L"Tag",00000000,0023f924,000216b0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,000216d0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000068,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call KERNEL32.CloseHandle(00000064,) ret=7f9c251431d1 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c251431d1 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021730,) ret=7f9c251431e9 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251431e9 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143201 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143201 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143219 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143219 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143231 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143231 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c2514324c | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514324c | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143267 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143267 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143282 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143282 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021760,) ret=7f9c2514329d | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514329d | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021790,) ret=7f9c251432b8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432b8 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021640,) ret=7f9c251432e8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432e8 | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000018,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021640 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000048,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021730 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"Windows Workflow Foundation 4.0.0.0",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021790 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000217c0 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c251570a0 L"Type",00000000,0023f924,00021690,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157090 L"Start",00000000,0023f924,00021694,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157070 L"ErrorControl",00000000,0023f924,00021698,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156fc8 L"Tag",00000000,0023f924,000216b0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,000216d0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000068,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call KERNEL32.CloseHandle(00000064,) ret=7f9c251431d1 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c251431d1 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021730,) ret=7f9c251431e9 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251431e9 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143201 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143201 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143219 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143219 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143231 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143231 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c2514324c | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514324c | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143267 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143267 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143282 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143282 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021790,) ret=7f9c2514329d | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514329d | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000217c0,) ret=7f9c251432b8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432b8 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021640,) ret=7f9c251432e8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432e8 | |
| 000f:Call advapi32.RegEnumKeyW(00000028,00000019,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021640 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021730 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"WineBus",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000052,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021760 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157050 L"ImagePath",00000000,0023f904,00021760,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000217d0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157040 L"Group",00000000,0023f904,000217d0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021800 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156fd0 L"ObjectName",00000000,0023f904,00021800,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021830 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c251570b0 L"DisplayName",00000000,0023f904,00021830,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000034,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021870 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156fb0 L"Description",00000000,0023f904,00021870,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000218c0 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000218f0 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c251570a0 L"Type",00000000,0023f924,00021690,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157090 L"Start",00000000,0023f924,00021694,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25157070 L"ErrorControl",00000000,0023f924,00021698,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156fc8 L"Tag",00000000,0023f924,000216b0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,000216d0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000068,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000068,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call advapi32.RegEnumKeyW(00000028,0000001a,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021920 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021a10 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"WineHID",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000052,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021a40 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c25157050 L"ImagePath",00000000,0023f904,00021a40,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021ab0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c25157040 L"Group",00000000,0023f904,00021ab0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021ae0 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c25156fd0 L"ObjectName",00000000,0023f904,00021ae0,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021b10 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c251570b0 L"DisplayName",00000000,0023f904,00021b10,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25144f36 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002a,) ret=7f9c25145035 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021b40 ret=7f9c25145035 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c25156fb0 L"Description",00000000,0023f904,00021b40,0023f900,) ret=7f9c25145059 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145059 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021b80 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021bb0 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c251570a0 L"Type",00000000,0023f924,00021970,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c25157090 L"Start",00000000,0023f924,00021974,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c25157070 L"ErrorControl",00000000,0023f924,00021978,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c25156fc8 L"Tag",00000000,0023f924,00021990,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,000219b0,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(0000006c,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(0000006c,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call advapi32.RegEnumKeyW(00000028,0000001b,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021be0 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021cd0 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"Winsock",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021d00 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021d30 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c251570a0 L"Type",00000000,0023f924,00021c30,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25157090 L"Start",00000000,0023f924,00021c34,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25157070 L"ErrorControl",00000000,0023f924,00021c38,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25156fc8 L"Tag",00000000,0023f924,00021c50,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,00021c70,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 000f:Call advapi32.RegCloseKey(00000070,) ret=7f9c251438ee | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 000f:Call KERNEL32.CloseHandle(0000006c,) ret=7f9c251431d1 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c251431d1 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021cd0,) ret=7f9c251431e9 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251431e9 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143201 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143201 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143219 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143219 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143231 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143231 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c2514324c | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514324c | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143267 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143267 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143282 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143282 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021d00,) ret=7f9c2514329d | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514329d | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021d30,) ret=7f9c251432b8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432b8 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021be0,) ret=7f9c251432e8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432e8 | |
| 000f:Call advapi32.RegEnumKeyW(00000028,0000001c,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000000 ret=7f9c251433e0 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021be0 ret=7f9c25142903 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f9c25144e48 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021cd0 ret=7f9c25144e48 | |
| 000f:Call advapi32.RegOpenKeyExW(00000028,0023f980 L"Winsock2",00000000,00020019,0023f978,) ret=7f9c2514343d | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c2514343d | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25157050 L"ImagePath",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25157040 L"Group",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25156fd0 L"ObjectName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c251570b0 L"DisplayName",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25156fb0 L"Description",00000000,0023f904,00000000,0023f900,) ret=7f9c25144f36 | |
| 0011:Call imm32.ImmGetContext(00000000,) ret=7fc24a4b9510 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25144f36 | |
| 0011:Call user32.IsWindow(00000000,) ret=7fc24a74133c | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25157020 L"DependOnService",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 0011:Ret user32.IsWindow() retval=00000000 ret=7fc24a74133c | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 0011:Ret imm32.ImmGetContext() retval=00000000 ret=7fc24a4b9510 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021d00 ret=7f9c251452d3 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25156ff0 L"DependOnGroup",00000000,0023f904,00000000,0023f900,) ret=7f9c25145166 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145166 | |
| 0011:Ret winex11.drv.CreateWindow() retval=00000001 ret=7fc24bab41d3 | |
| 0011:Call window proc 0x7fc24baad890 (hwnd=0x10020,msg=WM_SIZE,wp=00000000,lp=00000000) | |
| 0012:Call PE DLL (proc=0x7fc24c18cc70,module=0x7fc24c140000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000002,) ret=7f9c251452d3 | |
| 0011:Ret window proc 0x7fc24baad890 (hwnd=0x10020,msg=WM_SIZE,wp=00000000,lp=00000000) retval=00000000 | |
| 0011:Call window proc 0x7fc24baad890 (hwnd=0x10020,msg=WM_MOVE,wp=00000000,lp=00000000) | |
| 0012:Ret PE DLL (proc=0x7fc24c18cc70,module=0x7fc24c140000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021d30 ret=7f9c251452d3 | |
| 0011:Ret window proc 0x7fc24baad890 (hwnd=0x10020,msg=WM_MOVE,wp=00000000,lp=00000000) retval=00000000 | |
| 0012:Call PE DLL (proc=0x7fc24bb31370,module=0x7fc24ba80000 L"user32.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c251570a0 L"Type",00000000,0023f924,00021c30,0023f920,) ret=7f9c25145332 | |
| 0011:Ret user32.CreateWindowExW() retval=00010020 ret=7fc24c4de9cc | |
| 0012:Ret PE DLL (proc=0x7fc24bb31370,module=0x7fc24ba80000 L"user32.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 0011:Call user32.CreateWindowExW(00000000,7fc24c4e7470 L"Message",00000000,86000000,00000000,00000000,00000064,00000064,00000000,00000000,00000000,00000000,) ret=7fc24c4dea07 | |
| 0012:Call PE DLL (proc=0x7fc24a742ea0,module=0x7fc24a730000 L"imm32.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25157090 L"Start",00000000,0023f924,00021c34,0023f920,) ret=7f9c25145332 | |
| 0011:Call winex11.drv.WindowPosChanging(00010026,00000000,00000014,0023eb00,0023eb00,0023e980,0023e978,) ret=7fc24bb243bc | |
| 0012:Ret PE DLL (proc=0x7fc24a742ea0,module=0x7fc24a730000 L"imm32.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 0012:Starting thread proc 0x7fc24a4ab450 (arg=(nil)) | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25157070 L"ErrorControl",00000000,0023f924,00021c38,0023f920,) ret=7f9c25145332 | |
| 0011:Call winex11.drv.WindowPosChanged(00010026,00000000,00000034,0023eb00,0023eb00,0023e980,00000000,7fc24be44e40,) ret=7fc24bb24831 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25156fc8 L"Tag",00000000,0023f924,00021c50,0023f920,) ret=7f9c25145332 | |
| 0011:Call window proc 0x7fc24bae7430 (hwnd=0x10026,msg=WM_NCCREATE,wp=00000000,lp=0023ecf0) | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 0011:Ret window proc 0x7fc24bae7430 (hwnd=0x10026,msg=WM_NCCREATE,wp=00000000,lp=0023ecf0) retval=00000001 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25156f80 L"PreshutdownTimeout",00000000,0023f924,00021c70,0023f920,) ret=7f9c25145332 | |
| 0011:Call window proc 0x7fc24bae7430 (hwnd=0x10026,msg=WM_NCCALCSIZE,wp=00000000,lp=0023eb20) | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 0011:Ret window proc 0x7fc24bae7430 (hwnd=0x10026,msg=WM_NCCALCSIZE,wp=00000000,lp=0023eb20) retval=00000000 | |
| 000f:Call advapi32.RegQueryValueExW(00000070,7f9c25156f68 L"WOW64",00000000,0023f924,0023f96c,0023f920,) ret=7f9c25145332 | |
| 0011:Call winex11.drv.WindowPosChanging(00010026,00000000,00000010,0023eb00,0023eb20,0023e980,0023e978,) ret=7fc24bb243bc | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25145332 | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Call advapi32.RegCloseKey(00000070,) ret=7f9c251438ee | |
| 0011:Call winex11.drv.WindowPosChanged(00010026,00000000,00000010,0023eb00,0023eb20,0023e980,00000000,7fc24be44e40,) ret=7fc24bb24831 | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c251438ee | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Call KERNEL32.CloseHandle(0000006c,) ret=7f9c251431d1 | |
| 0011:Call window proc 0x7fc24bae7430 (hwnd=0x10026,msg=WM_CREATE,wp=00000000,lp=0023ecf0) | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c251431d1 | |
| 0011:Ret window proc 0x7fc24bae7430 (hwnd=0x10026,msg=WM_CREATE,wp=00000000,lp=0023ecf0) retval=00000000 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021cd0,) ret=7f9c251431e9 | |
| 0011:Call winex11.drv.CreateWindow(00010026,) ret=7fc24bb1f4f2 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251431e9 | |
| 0011:Ret winex11.drv.CreateWindow() retval=00000001 ret=7fc24bb1f4f2 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143201 | |
| 0011:Call window proc 0x7fc24bae7430 (hwnd=0x10026,msg=WM_SIZE,wp=00000000,lp=00640064) | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143201 | |
| 0011:Ret window proc 0x7fc24bae7430 (hwnd=0x10026,msg=WM_SIZE,wp=00000000,lp=00640064) retval=00000000 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143219 | |
| 0011:Call window proc 0x7fc24bae7430 (hwnd=0x10026,msg=WM_MOVE,wp=00000000,lp=00000000) | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143219 | |
| 0011:Ret window proc 0x7fc24bae7430 (hwnd=0x10026,msg=WM_MOVE,wp=00000000,lp=00000000) retval=00000000 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143231 | |
| 0011:Ret user32.CreateWindowExW() retval=00010026 ret=7fc24c4dea07 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143231 | |
| 0011:Call user32.SetWindowLongPtrW(00010020,fffffffc,7fc24c4d0010,) ret=7fc24c4dea1f | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c2514324c | |
| 0011:Ret user32.SetWindowLongPtrW() retval=7fc24baad890 ret=7fc24c4dea1f | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514324c | |
| 0011:Call user32.LoadIconW(00000000,00007f05,) ret=7fc24c4deaa3 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143267 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143267 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25143282 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143282 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021d00,) ret=7f9c2514329d | |
| 0011:Ret user32.LoadIconW() retval=00010028 ret=7fc24c4deaa3 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514329d | |
| 0011:Call user32.SendMessageW(00010020,00000080,00000001,00010028,) ret=7fc24c4deab9 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021d30,) ret=7f9c251432b8 | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_SETICON,wp=00000001,lp=00010028) | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432b8 | |
| 0011:Call user32.DefWindowProcW(00010020,00000080,00000001,00010028,) ret=7fc24c4d0512 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021be0,) ret=7f9c251432e8 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251432e8 | |
| 000f:Call advapi32.RegEnumKeyW(00000028,0000001d,0023f980,00000104,) ret=7f9c251433e0 | |
| 000f:Ret advapi32.RegEnumKeyW() retval=00000103 ret=7f9c251433e0 | |
| 000f:Call KERNEL32.CreateThreadpoolCleanupGroup() ret=7f9c251424b3 | |
| 0011:Call winex11.drv.SetWindowIcon(00010020,00000001,00010028,) ret=7fc24baac4c7 | |
| 000f:Ret KERNEL32.CreateThreadpoolCleanupGroup() retval=00021be0 ret=7f9c251424b3 | |
| 0011:Ret winex11.drv.SetWindowIcon() retval=00000000 ret=7fc24baac4c7 | |
| 000f:Call rpcrt4.RpcServerUseProtseqEpW(0023fb70 L"ncacn_np",00000000,0023fb90 L"\\pipe\\svcctl",00000000,) ret=7f9c251424dd | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4d0512 | |
| 000f:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0023fb70 L"ncacn_np",ffffffff,00000000,00000000,00000000,00000000,) ret=7f9c24dd94ea | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_SETICON,wp=00000001,lp=00010028) retval=00000000 | |
| 000f:Ret KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f9c24dd94ea | |
| 0011:Ret user32.SendMessageW() retval=00000000 ret=7fc24c4deab9 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f9c24dd9508 | |
| 0011:Call user32.GetSystemMetrics(0000004f,) ret=7fc24c4dec15 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021c70 ret=7f9c24dd9508 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24bb075c0,0023eb30,) ret=7fc24baf21c9 | |
| 000f:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0023fb70 L"ncacn_np",ffffffff,00021c70,00000009,00000000,00000000,) ret=7f9c24dd952c | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Ret KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f9c24dd952c | |
| 0011:Ret user32.GetSystemMetrics() retval=00000438 ret=7fc24c4dec15 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000090,) ret=7f9c24debcd2 | |
| 0011:Call user32.GetSystemMetrics(0000004e,) ret=7fc24c4dec23 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021ca0 ret=7f9c24debcd2 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24bb075c0,0023eb30,) ret=7fc24baf21c9 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f9c24dd9498 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021d40 ret=7f9c24dd9498 | |
| 0011:Ret user32.GetSystemMetrics() retval=00000f00 ret=7fc24c4dec23 | |
| 000f:Call KERNEL32.InitializeCriticalSection(00021ce8,) ret=7f9c24de5e4c | |
| 0011:Call user32.GetSystemMetrics(0000004d,) ret=7fc24c4dec30 | |
| 000f:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f9c24de5e4c | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24bb075c0,0023eb30,) ret=7fc24baf21c9 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021c70,) ret=7f9c24dd9c2b | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24dd9c2b | |
| 0011:Ret user32.GetSystemMetrics() retval=00000000 ret=7fc24c4dec30 | |
| 000f:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0023fb90 L"\\pipe\\svcctl",ffffffff,00000000,00000000,00000000,00000000,) ret=7f9c24dd94ea | |
| 0011:Call user32.GetSystemMetrics(0000004c,) ret=7fc24c4dec3e | |
| 000f:Ret KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f9c24dd94ea | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24bb075c0,0023eb30,) ret=7fc24baf21c9 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f9c24dd9508 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021c70 ret=7f9c24dd9508 | |
| 0011:Ret user32.GetSystemMetrics() retval=00000000 ret=7fc24c4dec3e | |
| 000f:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0023fb90 L"\\pipe\\svcctl",ffffffff,00021c70,0000000d,00000000,00000000,) ret=7f9c24dd952c | |
| 0011:Call user32.SetWindowPos(00010020,00000000,00000000,00000000,00000f00,00000438,00000040,) ret=7fc24c4dec61 | |
| 000f:Ret KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f9c24dd952c | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0023ed40) | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000118,) ret=7f9c24deb921 | |
| 0011:Call user32.DefWindowProcW(00010020,00000046,00000000,0023ed40,) ret=7fc24c4d0512 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021db0 ret=7f9c24deb921 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4d0512 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f9c24dd9498 | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0023ed40) retval=00000000 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021ee0 ret=7f9c24dd9498 | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_NCCALCSIZE,wp=00000001,lp=0023ec90) | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df5de6 | |
| 0011:Call user32.DefWindowProcW(00010020,00000083,00000001,0023ec90,) ret=7fc24c4d0512 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021f10 ret=7f9c24df5de6 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4d0512 | |
| 000f:Call KERNEL32.CreateNamedPipeA(00021f10 "\\\\.\\pipe\\svcctl",40000003,00000006,000000ff,000016d0,000016d0,00001388,00000000,) ret=7f9c24decedf | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_NCCALCSIZE,wp=00000001,lp=0023ec90) retval=00000000 | |
| 000f:Ret KERNEL32.CreateNamedPipeA() retval=00000070 ret=7f9c24decedf | |
| 0011:Call winex11.drv.WindowPosChanging(00010020,00000000,0000104a,0023ec00,0023ec10,0023eaa0,0023ea98,) ret=7fc24bb243bc | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00021c70,) ret=7f9c24dd9c2b | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24dd9c2b | |
| 0011:Call winex11.drv.WindowPosChanged(00010020,00000000,0000104a,0023ec00,0023ec10,0023eaa0,0023ec70,7fc24be44e40,) ret=7fc24bb24831 | |
| 000f:Ret rpcrt4.RpcServerUseProtseqEpW() retval=00000000 ret=7f9c251424dd | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Call rpcrt4.RpcServerRegisterIf(7f9c2535d9e0,00000000,00000000,) ret=7f9c25142578 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000060,) ret=7f9c24de87ee | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_QUERYNEWPALETTE,wp=00000000,lp=00000000) | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021f40 ret=7f9c24de87ee | |
| 0011:Call user32.DefWindowProcW(00010020,0000030f,00000000,00000000,) ret=7fc24c4d0512 | |
| 000f:Ret rpcrt4.RpcServerRegisterIf() retval=00000000 ret=7f9c25142578 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4d0512 | |
| 000f:Call rpcrt4.RpcServerListen(00000001,000004d2,00000001,) ret=7f9c251425d9 | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_QUERYNEWPALETTE,wp=00000000,lp=00000000) retval=00000000 | |
| 000f:Call KERNEL32.CreateMutexW(00000000,00000000,00000000,) ret=7f9c24de5fd0 | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_NCACTIVATE,wp=00000001,lp=00000000) | |
| 000f:Ret KERNEL32.CreateMutexW() retval=00000078 ret=7f9c24de5fd0 | |
| 0011:Call user32.DefWindowProcW(00010020,00000086,00000001,00000000,) ret=7fc24c4d0512 | |
| 000f:Call KERNEL32.CreateThread(00000000,00000000,7f9c24de5870,00021ca0,00000000,00000000,) ret=7f9c24de5f8c | |
| 0011:Call winex11.drv.GetDC(0005003e,00010020,00010020,0023d910,0023d920,00000053,) ret=7fc24baf9e55 | |
| 0011:Ret winex11.drv.GetDC() retval=00000000 ret=7fc24baf9e55 | |
| 000f:Ret KERNEL32.CreateThread() retval=00000080 ret=7f9c24de5f8c | |
| 0013:Call PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000f:Call KERNEL32.WaitForSingleObject(00000078,ffffffff,) ret=7f9c24de5bf6 | |
| 0013:Ret PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 0011:Ret user32.DefWindowProcW() retval=00000001 ret=7fc24c4d0512 | |
| 000f:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c24de5bf6 | |
| 0013:Starting thread proc 0x7f9c24de5870 (arg=0x21ca0) | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_NCACTIVATE,wp=00000001,lp=00000000) retval=00000001 | |
| 000f:Call KERNEL32.SetEvent(0000006c,) ret=7f9c24debb70 | |
| 0013:Call ntdll.NtFsControlFile(00000070,00000084,00000000,00000000,00021ea8,00110008,00000000,00000000,00000000,00000000,) ret=7f9c24ded05a | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_ACTIVATE,wp=00000001,lp=00000000) | |
| 000f:Ret KERNEL32.SetEvent() retval=00000001 ret=7f9c24debb70 | |
| 0013:Ret ntdll.NtFsControlFile() retval=00000103 ret=7f9c24ded05a | |
| 0011:Call user32.DefWindowProcW(00010020,00000006,00000001,00000000,) ret=7fc24c4d0512 | |
| 000f:Call KERNEL32.WaitForSingleObject(0000007c,ffffffff,) ret=7f9c24de5c18 | |
| 0011:Call winex11.drv.SetFocus(00010020,) ret=7fc24bac1ef8 | |
| 0013:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24ded1cb | |
| 0011:Ret winex11.drv.SetFocus() retval=00000000 ret=7fc24bac1ef8 | |
| 0013:Ret ntdll.RtlAllocateHeap() retval=00021c70 ret=7f9c24ded1cb | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_SETFOCUS,wp=00000000,lp=00000000) | |
| 0013:Call KERNEL32.WaitForMultipleObjectsEx(00000002,00021c70,00000000,ffffffff,00000001,) ret=7f9c24df2763 | |
| 0011:Call user32.DefWindowProcW(00010020,00000007,00000000,00000000,) ret=7fc24c4d0512 | |
| 0013:Ret KERNEL32.WaitForMultipleObjectsEx() retval=00000000 ret=7f9c24df2763 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4d0512 | |
| 0013:Call ntdll.RtlReAllocateHeap(00010000,00000000,00021c70,00000010,) ret=7f9c24ded0fc | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_SETFOCUS,wp=00000000,lp=00000000) retval=00000000 | |
| 0013:Ret ntdll.RtlReAllocateHeap() retval=00021c70 ret=7f9c24ded0fc | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4d0512 | |
| 0013:Call KERNEL32.SetEvent(0000007c,) ret=7f9c24de5954 | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_ACTIVATE,wp=00000001,lp=00000000) retval=00000000 | |
| 000f:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c24de5c18 | |
| 0013:Ret KERNEL32.SetEvent() retval=00000001 ret=7f9c24de5954 | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_WINDOWPOSCHANGED,wp=00000000,lp=0023ed40) | |
| 000f:Call KERNEL32.ReleaseMutex(00000078,) ret=7f9c24de5c21 | |
| 0013:Call KERNEL32.WaitForMultipleObjectsEx(00000002,00021c70,00000000,ffffffff,00000001,) ret=7f9c24df2763 | |
| 0011:Call user32.DefWindowProcW(00010020,00000047,00000000,0023ed40,) ret=7fc24c4d0512 | |
| 000f:Ret KERNEL32.ReleaseMutex() retval=00000001 ret=7f9c24de5c21 | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_SIZE,wp=00000000,lp=04380f00) | |
| 000f:Ret rpcrt4.RpcServerListen() retval=00000000 ret=7f9c251425d9 | |
| 0011:Call user32.DefWindowProcW(00010020,00000005,00000000,04380f00,) ret=7fc24c4d0512 | |
| 000f:Call ntdll.__wine_make_process_system() ret=7f9c25142609 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4d0512 | |
| 000f:Ret ntdll.__wine_make_process_system() retval=00000088 ret=7f9c25142609 | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_SIZE,wp=00000000,lp=04380f00) retval=00000000 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000100,) ret=7f9c2513b7d8 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4d0512 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00021ff0 ret=7f9c2513b7d8 | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_WINDOWPOSCHANGED,wp=00000000,lp=0023ed40) retval=00000000 | |
| 000f:Call KERNEL32.ExpandEnvironmentStringsW(0001f3e0 L"C:\\windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe",00000000,00000000,) ret=7f9c25143c61 | |
| 0011:Ret user32.SetWindowPos() retval=00000001 ret=7fc24c4dec61 | |
| 000f:Ret KERNEL32.ExpandEnvironmentStringsW() retval=0000003b ret=7f9c25143c61 | |
| 0011:Call user32.SystemParametersInfoW(00000014,00000000,00000000,00000000,) ret=7fc24c4dec77 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000076,) ret=7f9c25143c7e | |
| 0011:Call winex11.drv.SystemParametersInfo(00000014,00000000,00000000,00000000,) ret=7fc24bb0ad7f | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00022100 ret=7f9c25143c7e | |
| 0011:Ret winex11.drv.SystemParametersInfo() retval=00000000 ret=7fc24bb0ad7f | |
| 000f:Call KERNEL32.ExpandEnvironmentStringsW(0001f3e0 L"C:\\windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe",00022100,0000003b,) ret=7f9c25143ca1 | |
| 000f:Ret KERNEL32.ExpandEnvironmentStringsW() retval=0000003b ret=7f9c25143ca1 | |
| 000f:Call KERNEL32.GetSystemDirectoryW(0023f8e0,00000104,) ret=7f9c25143f79 | |
| 0011:Ret user32.SystemParametersInfoW() retval=00000001 ret=7fc24c4dec77 | |
| 000f:Ret KERNEL32.GetSystemDirectoryW() retval=00000013 ret=7f9c25143f79 | |
| 0011:Call user32.ClipCursor(00000000,) ret=7fc24c4dec7e | |
| 000f:Call advapi32.RegQueryValueExW(00000024,00000000,00000000,0023f870,0023f850,0023f848,) ret=7f9c25143d05 | |
| 0011:Call winex11.drv.ClipCursor(0023ed00,) ret=7fc24ba9cf5b | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7f9c25143d05 | |
| 0011:Call winex11.drv.WindowMessage(00010020,80001004,00000000,00000000,) ret=7fc24bae5a19 | |
| 000f:Call advapi32.RegSetValueExW(00000024,00000000,00000000,00000004,7f9c2535f230,00000004,) ret=7f9c25143d3d | |
| 0011:Ret winex11.drv.WindowMessage() retval=00000000 ret=7fc24bae5a19 | |
| 000f:Ret advapi32.RegSetValueExW() retval=00000000 ret=7f9c25143d3d | |
| 0011:Ret winex11.drv.ClipCursor() retval=00000001 ret=7fc24ba9cf5b | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7f9c25143d84 | |
| 0011:Ret user32.ClipCursor() retval=00000001 ret=7fc24c4dec7e | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00022190 ret=7f9c25143d84 | |
| 0011:Call user32.EnumDisplaySettingsExW(00000000,ffffffff,0023f140,00000000,) ret=7fc24c4dec8e | |
| 000f:Call KERNEL32.CreateMutexW(00000000,00000001,00000000,) ret=7f9c25143dae | |
| 0011:Call winex11.drv.EnumDisplaySettingsEx(00000000,ffffffff,0023f140,00000000,) ret=7fc24bb09fd9 | |
| 000f:Ret KERNEL32.CreateMutexW() retval=0000008c ret=7f9c25143dae | |
| 000f:Call KERNEL32.CreateNamedPipeW(7f9c2535f1e0 L"\\\\.\\pipe\\net\\NtControlPipe0",40000003,00000000,00000001,00000100,00000100,00002710,00000000,) ret=7f9c25143e15 | |
| 0011:Ret winex11.drv.EnumDisplaySettingsEx() retval=00000001 ret=7fc24bb09fd9 | |
| 000f:Ret KERNEL32.CreateNamedPipeW() retval=00000094 ret=7f9c25143e15 | |
| 0011:Ret user32.EnumDisplaySettingsExW() retval=00000001 ret=7fc24c4dec8e | |
| 000f:Call advapi32.OpenProcessToken(ffffffffffffffff,0000000a,0023f848,) ret=7f9c251446b2 | |
| 0011:Call user32.ChangeDisplaySettingsExW(00000000,0023f140,00000000,10000009,00000000,) ret=7fc24c4decc0 | |
| 000f:Ret advapi32.OpenProcessToken() retval=00000001 ret=7f9c251446b2 | |
| 0011:Call winex11.drv.ChangeDisplaySettingsEx(00000000,0023f140,00000000,10000009,00000000,) ret=7fc24bb09cd2 | |
| 000f:Call userenv.CreateEnvironmentBlock(7f9c2535f280,00000098,00000000,) ret=7f9c251446d6 | |
| 000f:Call advapi32.RegOpenKeyExW(ffffffff80000002,7f9c248feca0 L"System\\CurrentControlSet\\Control\\Session Manager\\Environment",00000000,00020019,0022f3a8,) ret=7f9c248fb9ba | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c248fb9ba | |
| 000f:Call ntdll.RtlCreateEnvironment(00000000,0022f3a0,) ret=7f9c248fba44 | |
| 000f:Ret ntdll.RtlCreateEnvironment() retval=00000000 ret=7f9c248fba44 | |
| 000f:Call KERNEL32.GetEnvironmentVariableW(7f9c248fec70 L"SystemRoot",0022f690,00007fff,) ret=7f9c248fba6e | |
| 000f:Ret KERNEL32.GetEnvironmentVariableW() retval=0000000a ret=7f9c248fba6e | |
| 0011:Ret winex11.drv.ChangeDisplaySettingsEx() retval=00000000 ret=7fc24bb09cd2 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3c0,7f9c248fec70 L"SystemRoot",) ret=7f9c248fba92 | |
| 0011:Ret user32.ChangeDisplaySettingsExW() retval=00000000 ret=7fc24c4decc0 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000014 ret=7f9c248fba92 | |
| 0011:Call user32.RegisterClassExW(0023eeb0,) ret=7fc24c4cfa91 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3d0,0022f690 L"C:\\windows",) ret=7f9c248fbaaf | |
| 0011:Ret user32.RegisterClassExW() retval=0000c014 ret=7fc24c4cfa91 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000014 ret=7f9c248fbaaf | |
| 0011:Call user32.CreateWindowExW(00000000,7fc24c4e4e80 L"WineAppBar",7fc24c4e4e80 L"WineAppBar",00000000,00000000,00000000,00000000,00000000,fffffffffffffffd,00000000,00000000,00000000,) ret=7fc24c4cfb0c | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022f3c0,0022f3d0,) ret=7f9c248fbabd | |
| 0011:Call winex11.drv.SystemParametersInfo(00000029,00000000,0023e340,00000000,) ret=7fc24bb0ad7f | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fbabd | |
| 0011:Ret winex11.drv.SystemParametersInfo() retval=00000000 ret=7fc24bb0ad7f | |
| 000f:Call KERNEL32.GetEnvironmentVariableW(7f9c248fec50 L"SystemDrive",0022f690,00007fff,) ret=7f9c248fbad4 | |
| 000f:Ret KERNEL32.GetEnvironmentVariableW() retval=00000002 ret=7f9c248fbad4 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3c0,7f9c248fec50 L"SystemDrive",) ret=7f9c248fbaf0 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000016 ret=7f9c248fbaf0 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3d0,0022f690 L"c:",) ret=7f9c248fbb02 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000004 ret=7f9c248fbb02 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022f3c0,0022f3d0,) ret=7f9c248fbb10 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fbb10 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000000,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"ComSpec",) ret=7f9c248fb689 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000000e ret=7f9c248fb689 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"ComSpec",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f9c248fb4cd | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000221f0 ret=7f9c248fb4cd | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"ComSpec",00000000,00000000,000221f0,0022e1fc,) ret=7f9c248fb4f7 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4f7 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e200,000221f0 L"C:\\windows\\system32\\cmd.exe",) ret=7f9c248fb51c | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000036 ret=7f9c248fb51c | |
| 000f:Call ntdll.RtlExpandEnvironmentStrings_U(00350000,0022e200,0022e210,0022e1ec,) ret=7f9c248fb53f | |
| 000f:Ret ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7f9c248fb53f | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000221f0,) ret=7f9c248fb56c | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c248fb56c | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\windows\\system32\\cmd.exe",) ret=7f9c248fb7cc | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000036 ret=7f9c248fb7cc | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000001,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"NUMBER_OF_PROCESSORS",) ret=7f9c248fb689 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000028 ret=7f9c248fb689 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"NUMBER_OF_PROCESSORS",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"NUMBER_OF_PROCESSORS",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Call winex11.drv.SystemParametersInfo(00000029,00000000,0023dce0,00000000,) ret=7fc24bb0ad7f | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"8",) ret=7f9c248fb7cc | |
| 0011:Ret winex11.drv.SystemParametersInfo() retval=00000000 ret=7fc24bb0ad7f | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000002 ret=7f9c248fb7cc | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24bb075c0,0023e2b0,) ret=7fc24baf21c9 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000002,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24bb075c0,0023e2b0,) ret=7fc24baf21c9 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"OS",) ret=7f9c248fb689 | |
| 0011:Call window proc 0x7fc24c4cf2f0 (hwnd=0x1002c,msg=WM_GETMINMAXINFO,wp=00000000,lp=0023e9a0) | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000004 ret=7f9c248fb689 | |
| 0011:Call user32.DefWindowProcW(0001002c,00000024,00000000,0023e9a0,) ret=7fc24c4cf3d5 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"OS",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4cf3d5 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Ret window proc 0x7fc24c4cf2f0 (hwnd=0x1002c,msg=WM_GETMINMAXINFO,wp=00000000,lp=0023e9a0) retval=00000000 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"OS",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023e6f0,) ret=7fc24baf21c9 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e3d0,) ret=7fc24baf1db7 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"Windows_NT",) ret=7f9c248fb7cc | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000014 ret=7f9c248fb7cc | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e9d0,) ret=7fc24baf1db7 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000003,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call winex11.drv.WindowPosChanging(0001002c,00000000,00000014,0023ea90,0023ea90,0023e910,0023e908,) ret=7fc24bb243bc | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"PATH",) ret=7f9c248fb689 | |
| 0011:Call winex11.drv.WindowPosChanged(0001002c,00000000,00000014,0023ea90,0023ea90,0023e910,00000000,00000000,) ret=7fc24bb24831 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000008 ret=7f9c248fb689 | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Call ntdll.RtlQueryEnvironmentVariable_U(00350000,0022e2a0,0022e2b0,) ret=7f9c248fb6ca | |
| 0011:Call window proc 0x7fc24c4cf2f0 (hwnd=0x1002c,msg=WM_NCCREATE,wp=00000000,lp=0023ec80) | |
| 000f:Ret ntdll.RtlQueryEnvironmentVariable_U() retval=c0000100 ret=7f9c248fb6ca | |
| 0011:Call user32.DefWindowProcW(0001002c,00000081,00000000,0023ec80,) ret=7fc24c4cf3d5 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PATH",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Call winex11.drv.SetWindowText(0001002c,000385d0 L"WineAppBar",) ret=7fc24baab441 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Ret winex11.drv.SetWindowText() retval=00000000 ret=7fc24baab441 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000070,) ret=7f9c248fb4cd | |
| 0011:Ret user32.DefWindowProcW() retval=00000001 ret=7fc24c4cf3d5 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000221f0 ret=7f9c248fb4cd | |
| 0011:Ret window proc 0x7fc24c4cf2f0 (hwnd=0x1002c,msg=WM_NCCREATE,wp=00000000,lp=0023ec80) retval=00000001 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PATH",00000000,00000000,000221f0,0022e1fc,) ret=7f9c248fb4f7 | |
| 0011:Call window proc 0x7fc24c4cf2f0 (hwnd=0x1002c,msg=WM_NCCALCSIZE,wp=00000000,lp=0023eab0) | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4f7 | |
| 0011:Call user32.DefWindowProcW(0001002c,00000083,00000000,0023eab0,) ret=7fc24c4cf3d5 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e200,000221f0 L"C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem",) ret=7f9c248fb51c | |
| 0011:Call winex11.drv.SystemParametersInfo(00000029,00000000,0023dc50,00000000,) ret=7fc24bb0ad7f | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000006e ret=7f9c248fb51c | |
| 0011:Ret winex11.drv.SystemParametersInfo() retval=00000000 ret=7fc24bb0ad7f | |
| 000f:Call ntdll.RtlExpandEnvironmentStrings_U(00350000,0022e200,0022e210,0022e1ec,) ret=7f9c248fb53f | |
| 000f:Ret ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7f9c248fb53f | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4cf3d5 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000221f0,) ret=7f9c248fb56c | |
| 0011:Ret window proc 0x7fc24c4cf2f0 (hwnd=0x1002c,msg=WM_NCCALCSIZE,wp=00000000,lp=0023eab0) retval=00000000 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c248fb56c | |
| 0011:Call winex11.drv.WindowPosChanging(0001002c,00000000,00000010,0023ea90,0023eab0,0023e910,0023e908,) ret=7fc24bb243bc | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem",) ret=7f9c248fb7cc | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000006e ret=7f9c248fb7cc | |
| 0011:Call winex11.drv.WindowPosChanged(0001002c,00000000,00000010,0023ea90,0023eab0,0023e910,00000000,00000000,) ret=7fc24bb24831 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Call window proc 0x7fc24c4cf2f0 (hwnd=0x1002c,msg=WM_CREATE,wp=00000000,lp=0023ec80) | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000004,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call user32.DefWindowProcW(0001002c,00000001,00000000,0023ec80,) ret=7fc24c4cf3d5 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4cf3d5 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"PATHEXT",) ret=7f9c248fb689 | |
| 0011:Ret window proc 0x7fc24c4cf2f0 (hwnd=0x1002c,msg=WM_CREATE,wp=00000000,lp=0023ec80) retval=00000000 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000000e ret=7f9c248fb689 | |
| 0011:Call winex11.drv.CreateWindow(0001002c,) ret=7fc24bb1f4f2 | |
| 000f:Call ntdll.RtlQueryEnvironmentVariable_U(00350000,0022e2a0,0022e2b0,) ret=7f9c248fb6ca | |
| 0011:Ret winex11.drv.CreateWindow() retval=00000001 ret=7fc24bb1f4f2 | |
| 000f:Ret ntdll.RtlQueryEnvironmentVariable_U() retval=c0000100 ret=7f9c248fb6ca | |
| 0011:Ret user32.CreateWindowExW() retval=0001002c ret=7fc24c4cfb0c | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PATHEXT",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Call KERNEL32.GetProcAddress(7fc24a4a0000,7fc24c4ea517 "wine_notify_icon",) ret=7fc24c4e46d3 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Ret KERNEL32.GetProcAddress() retval=7fc24a4a2ac4 ret=7fc24c4e46d3 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PATHEXT",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Call user32.GetSystemMetrics(00000031,) ret=7fc24c4e4540 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Ret user32.GetSystemMetrics() retval=00000010 ret=7fc24c4e4540 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH",) ret=7f9c248fb7cc | |
| 0011:Call user32.GetSystemMetrics(00000032,) ret=7fc24c4e4553 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000060 ret=7f9c248fb7cc | |
| 0011:Ret user32.GetSystemMetrics() retval=00000010 ret=7fc24c4e4553 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call user32.LoadIconW(00000000,00007f05,) ret=7fc24c4e45b3 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Ret user32.LoadIconW() retval=00010028 ret=7fc24c4e45b3 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000005,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call user32.LoadCursorW(00000000,00007f00,) ret=7fc24c4e45c4 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Ret user32.LoadCursorW() retval=00010022 ret=7fc24c4e45c4 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"PROCESSOR_ARCHITECTURE",) ret=7f9c248fb689 | |
| 0011:Call user32.RegisterClassExW(0023eea0,) ret=7fc24c4e45df | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000002c ret=7f9c248fb689 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_ARCHITECTURE",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_ARCHITECTURE",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Ret user32.RegisterClassExW() retval=0000c015 ret=7fc24c4e45df | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Call user32.GetSystemMetrics(00000001,) ret=7fc24c4e4646 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"AMD64",) ret=7f9c248fb7cc | |
| 0011:Ret user32.GetSystemMetrics() retval=00000438 ret=7fc24c4e4646 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000000a ret=7f9c248fb7cc | |
| 0011:Call user32.CreateWindowExW(08000000,7fc24c4ea670 L"Shell_TrayWnd",00000000,80000000,00000000,00000438,00000000,00000000,00000000,00000000,00000000,00000000,) ret=7fc24c4e4673 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call KERNEL32.LZOpenFileW(0023e720 L"C:\\windows\\system32\\explorer.exe",0023e540,00000000,) ret=7fc24b4d8098 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000006,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Ret KERNEL32.LZOpenFileW() retval=00000060 ret=7fc24b4d8098 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"PROCESSOR_IDENTIFIER",) ret=7f9c248fb689 | |
| 0011:Call KERNEL32.LZSeek(00000060,00000000,00000000,) ret=7fc24b4d75ba | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000028 ret=7f9c248fb689 | |
| 0011:Ret KERNEL32.LZSeek() retval=00000000 ret=7fc24b4d75ba | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_IDENTIFIER",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Call KERNEL32.LZRead(00000060,0023e480,00000040,) ret=7fc24b4d75d4 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Ret KERNEL32.LZRead() retval=00000040 ret=7fc24b4d75d4 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_IDENTIFIER",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Call KERNEL32.LZSeek(00000060,00000060,00000000,) ret=7fc24b4d7655 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Ret KERNEL32.LZSeek() retval=00000060 ret=7fc24b4d7655 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"AMD64 Family 6 Model 60 Stepping 3, GenuineIntel",) ret=7f9c248fb7cc | |
| 0011:Call KERNEL32.LZRead(00000060,0023e4c5,00000002,) ret=7fc24b4d7675 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000060 ret=7f9c248fb7cc | |
| 0011:Ret KERNEL32.LZRead() retval=00000002 ret=7fc24b4d7675 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call KERNEL32.LZSeek(00000060,00000060,00000000,) ret=7fc24b4d7697 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Ret KERNEL32.LZSeek() retval=00000060 ret=7fc24b4d7697 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000007,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call KERNEL32.LZSeek(00000060,00000000,00000001,) ret=7fc24b4d6cde | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Ret KERNEL32.LZSeek() retval=00000060 ret=7fc24b4d6cde | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"PROCESSOR_LEVEL",) ret=7f9c248fb689 | |
| 0011:Call KERNEL32.LZRead(00000060,0023e2f0,00000108,) ret=7fc24b4d6cfd | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7f9c248fb689 | |
| 0011:Ret KERNEL32.LZRead() retval=00000108 ret=7fc24b4d6cfd | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_LEVEL",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000078,) ret=7fc24b4d6dd8 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0003e1c0 ret=7fc24b4d6dd8 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_LEVEL",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Call KERNEL32.LZSeek(00000060,00000168,00000000,) ret=7fc24b4d6e00 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Ret KERNEL32.LZSeek() retval=00000168 ret=7fc24b4d6e00 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"6",) ret=7f9c248fb7cc | |
| 0011:Call KERNEL32.LZRead(00000060,0003e1c0,00000078,) ret=7fc24b4d6e14 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000002 ret=7f9c248fb7cc | |
| 0011:Ret KERNEL32.LZRead() retval=00000078 ret=7fc24b4d6e14 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00002000,) ret=7fc24b4d6f72 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0003f740 ret=7fc24b4d6f72 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000008,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call KERNEL32.LZSeek(00000060,00000600,00000000,) ret=7fc24b4d6fa7 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Ret KERNEL32.LZSeek() retval=00000600 ret=7fc24b4d6fa7 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"PROCESSOR_REVISION",) ret=7f9c248fb689 | |
| 0011:Call KERNEL32.LZRead(00000060,0003f740,000013d8,) ret=7fc24b4d6fba | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000024 ret=7f9c248fb689 | |
| 0011:Ret KERNEL32.LZRead() retval=000013d8 ret=7fc24b4d6fba | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_REVISION",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Call KERNEL32.GetUserDefaultLangID() ret=7fc24b4d753e | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Ret KERNEL32.GetUserDefaultLangID() retval=00000409 ret=7fc24b4d753e | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_REVISION",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Call KERNEL32.GetUserDefaultLangID() ret=7fc24b4d7343 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Ret KERNEL32.GetUserDefaultLangID() retval=00000409 ret=7fc24b4d7343 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"3c03",) ret=7f9c248fb7cc | |
| 0011:Call KERNEL32.GetUserDefaultLangID() ret=7fc24b4d737b | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000008 ret=7f9c248fb7cc | |
| 0011:Ret KERNEL32.GetUserDefaultLangID() retval=00000409 ret=7fc24b4d737b | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call KERNEL32.GetSystemDefaultLangID() ret=7fc24b4d73b3 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Ret KERNEL32.GetSystemDefaultLangID() retval=00000409 ret=7fc24b4d73b3 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000009,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call KERNEL32.GetSystemDefaultLangID() ret=7fc24b4d7404 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Ret KERNEL32.GetSystemDefaultLangID() retval=00000409 ret=7fc24b4d7404 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,0000000a,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call KERNEL32.GetSystemDefaultLangID() ret=7fc24b4d745f | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Ret KERNEL32.GetSystemDefaultLangID() retval=00000409 ret=7fc24b4d745f | |
| 000f:Call advapi32.RegEnumValueW(0000009c,0000000b,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call ntdll.RtlFreeHeap(00010000,00000000,0003f740,) ret=7fc24b4d6fea | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fc24b4d6fea | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"TEMP",) ret=7f9c248fb689 | |
| 0011:Call ntdll.RtlFreeHeap(00010000,00000000,0003e1c0,) ret=7fc24b4d7003 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000008 ret=7f9c248fb689 | |
| 0011:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fc24b4d7003 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"TEMP",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Call KERNEL32.LZClose(00000060,) ret=7fc24b4d80c2 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Ret KERNEL32.LZClose() retval=00000000 ret=7fc24b4d80c2 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f9c248fb4cd | |
| 0011:Call KERNEL32.LZOpenFileW(0023e720 L"C:\\windows\\system32\\explorer.exe",0023e520,00000000,) ret=7fc24b4d852e | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000221f0 ret=7f9c248fb4cd | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"TEMP",00000000,00000000,000221f0,0022e1fc,) ret=7f9c248fb4f7 | |
| 0011:Ret KERNEL32.LZOpenFileW() retval=00000060 ret=7fc24b4d852e | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4f7 | |
| 0011:Call KERNEL32.LZSeek(00000060,00000000,00000000,) ret=7fc24b4d75ba | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e200,000221f0 L"C:\\windows\\temp",) ret=7f9c248fb51c | |
| 0011:Ret KERNEL32.LZSeek() retval=00000000 ret=7fc24b4d75ba | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7f9c248fb51c | |
| 0011:Call KERNEL32.LZRead(00000060,0023e450,00000040,) ret=7fc24b4d75d4 | |
| 000f:Call ntdll.RtlExpandEnvironmentStrings_U(00350000,0022e200,0022e210,0022e1ec,) ret=7f9c248fb53f | |
| 0011:Ret KERNEL32.LZRead() retval=00000040 ret=7fc24b4d75d4 | |
| 000f:Ret ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7f9c248fb53f | |
| 0011:Call KERNEL32.LZSeek(00000060,00000060,00000000,) ret=7fc24b4d7655 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000221f0,) ret=7f9c248fb56c | |
| 0011:Ret KERNEL32.LZSeek() retval=00000060 ret=7fc24b4d7655 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c248fb56c | |
| 0011:Call KERNEL32.LZRead(00000060,0023e495,00000002,) ret=7fc24b4d7675 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\windows\\temp",) ret=7f9c248fb7cc | |
| 0011:Ret KERNEL32.LZRead() retval=00000002 ret=7fc24b4d7675 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7f9c248fb7cc | |
| 0011:Call KERNEL32.LZSeek(00000060,00000060,00000000,) ret=7fc24b4d7697 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Ret KERNEL32.LZSeek() retval=00000060 ret=7fc24b4d7697 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Call KERNEL32.LZSeek(00000060,00000000,00000001,) ret=7fc24b4d6cde | |
| 000f:Call advapi32.RegEnumValueW(0000009c,0000000c,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Ret KERNEL32.LZSeek() retval=00000060 ret=7fc24b4d6cde | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Call KERNEL32.LZRead(00000060,0023e2c0,00000108,) ret=7fc24b4d6cfd | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"TMP",) ret=7f9c248fb689 | |
| 0011:Ret KERNEL32.LZRead() retval=00000108 ret=7fc24b4d6cfd | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000006 ret=7f9c248fb689 | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000078,) ret=7fc24b4d6dd8 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"TMP",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0003f340 ret=7fc24b4d6dd8 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Call KERNEL32.LZSeek(00000060,00000168,00000000,) ret=7fc24b4d6e00 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f9c248fb4cd | |
| 0011:Ret KERNEL32.LZSeek() retval=00000168 ret=7fc24b4d6e00 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000221f0 ret=7f9c248fb4cd | |
| 0011:Call KERNEL32.LZRead(00000060,0003f340,00000078,) ret=7fc24b4d6e14 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"TMP",00000000,00000000,000221f0,0022e1fc,) ret=7f9c248fb4f7 | |
| 0011:Ret KERNEL32.LZRead() retval=00000078 ret=7fc24b4d6e14 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4f7 | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00002000,) ret=7fc24b4d6f72 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e200,000221f0 L"C:\\windows\\temp",) ret=7f9c248fb51c | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0003f740 ret=7fc24b4d6f72 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7f9c248fb51c | |
| 0011:Call KERNEL32.LZSeek(00000060,00000600,00000000,) ret=7fc24b4d6fa7 | |
| 000f:Call ntdll.RtlExpandEnvironmentStrings_U(00350000,0022e200,0022e210,0022e1ec,) ret=7f9c248fb53f | |
| 0011:Ret KERNEL32.LZSeek() retval=00000600 ret=7fc24b4d6fa7 | |
| 000f:Ret ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7f9c248fb53f | |
| 0011:Call KERNEL32.LZRead(00000060,0003f740,000013d8,) ret=7fc24b4d6fba | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000221f0,) ret=7f9c248fb56c | |
| 0011:Ret KERNEL32.LZRead() retval=000013d8 ret=7fc24b4d6fba | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c248fb56c | |
| 0011:Call KERNEL32.GetUserDefaultLangID() ret=7fc24b4d753e | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\windows\\temp",) ret=7f9c248fb7cc | |
| 0011:Ret KERNEL32.GetUserDefaultLangID() retval=00000409 ret=7fc24b4d753e | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7f9c248fb7cc | |
| 0011:Call KERNEL32.GetUserDefaultLangID() ret=7fc24b4d7343 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Ret KERNEL32.GetUserDefaultLangID() retval=00000409 ret=7fc24b4d7343 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Call KERNEL32.GetUserDefaultLangID() ret=7fc24b4d737b | |
| 000f:Call advapi32.RegEnumValueW(0000009c,0000000d,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Ret KERNEL32.GetUserDefaultLangID() retval=00000409 ret=7fc24b4d737b | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Call KERNEL32.GetSystemDefaultLangID() ret=7fc24b4d73b3 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"windir",) ret=7f9c248fb689 | |
| 0011:Ret KERNEL32.GetSystemDefaultLangID() retval=00000409 ret=7fc24b4d73b3 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000000c ret=7f9c248fb689 | |
| 0011:Call KERNEL32.GetSystemDefaultLangID() ret=7fc24b4d7404 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"windir",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Ret KERNEL32.GetSystemDefaultLangID() retval=00000409 ret=7fc24b4d7404 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Call KERNEL32.GetSystemDefaultLangID() ret=7fc24b4d745f | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f9c248fb4cd | |
| 0011:Ret KERNEL32.GetSystemDefaultLangID() retval=00000409 ret=7fc24b4d745f | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000221f0 ret=7f9c248fb4cd | |
| 0011:Call ntdll.RtlFreeHeap(00010000,00000000,0003f740,) ret=7fc24b4d6fea | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"windir",00000000,00000000,000221f0,0022e1fc,) ret=7f9c248fb4f7 | |
| 0011:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fc24b4d6fea | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4f7 | |
| 0011:Call ntdll.RtlFreeHeap(00010000,00000000,0003f340,) ret=7fc24b4d7003 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e200,000221f0 L"C:\\windows",) ret=7f9c248fb51c | |
| 0011:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fc24b4d7003 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000014 ret=7f9c248fb51c | |
| 0011:Call KERNEL32.LZSeek(00000060,00001678,00000000,) ret=7fc24b4d87ef | |
| 000f:Call ntdll.RtlExpandEnvironmentStrings_U(00350000,0022e200,0022e210,0022e1ec,) ret=7f9c248fb53f | |
| 0011:Ret KERNEL32.LZSeek() retval=00001678 ret=7fc24b4d87ef | |
| 000f:Ret ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7f9c248fb53f | |
| 0011:Call KERNEL32.LZRead(00000060,0003ec60,00000360,) ret=7fc24b4d8808 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000221f0,) ret=7f9c248fb56c | |
| 0011:Ret KERNEL32.LZRead() retval=00000360 ret=7fc24b4d8808 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c248fb56c | |
| 0011:Call KERNEL32.LZClose(00000060,) ret=7fc24b4d8814 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\windows",) ret=7f9c248fb7cc | |
| 0011:Ret KERNEL32.LZClose() retval=00000000 ret=7fc24b4d8814 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000014 ret=7f9c248fb7cc | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call winex11.drv.WindowPosChanging(00010030,00000000,00000014,0023ea80,0023ea80,0023e900,0023e8f8,) ret=7fc24bb243bc | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023dab0,) ret=7fc24baf21c9 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,0000000e,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023d790,) ret=7fc24baf1db7 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"winsysdir",) ret=7f9c248fb689 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000012 ret=7f9c248fb689 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"winsysdir",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023dd20,) ret=7fc24baf1db7 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"winsysdir",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\windows\\system32",) ret=7f9c248fb7cc | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000026 ret=7f9c248fb7cc | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 000f:Call advapi32.RegEnumValueW(0000009c,0000000f,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000103 ret=7f9c248fb634 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000000,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"ComSpec",) ret=7f9c248fb689 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023e380,) ret=7fc24baf21c9 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000000e ret=7f9c248fb689 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e060,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"ComSpec",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e5f0,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f9c248fb4cd | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000221f0 ret=7f9c248fb4cd | |
| 0011:Call winex11.drv.WindowPosChanged(00010030,00000000,00000034,0023ea80,0023ea80,0023e900,00000000,7fc24be44e40,) ret=7fc24bb24831 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"ComSpec",00000000,00000000,000221f0,0022e1fc,) ret=7f9c248fb4f7 | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4f7 | |
| 0011:Call window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_NCCREATE,wp=00000000,lp=0023ec70) | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e200,000221f0 L"C:\\windows\\system32\\cmd.exe",) ret=7f9c248fb51c | |
| 0011:Call user32.DefWindowProcW(00010030,00000081,00000000,0023ec70,) ret=7fc24c4e3694 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000036 ret=7f9c248fb51c | |
| 0011:Call winex11.drv.SetWindowText(00010030,00038600 L"",) ret=7fc24baab441 | |
| 000f:Call ntdll.RtlExpandEnvironmentStrings_U(00350000,0022e200,0022e210,0022e1ec,) ret=7f9c248fb53f | |
| 0011:Ret winex11.drv.SetWindowText() retval=00000000 ret=7fc24baab441 | |
| 0011:Ret user32.DefWindowProcW() retval=00000001 ret=7fc24c4e3694 | |
| 000f:Ret ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7f9c248fb53f | |
| 0011:Ret window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_NCCREATE,wp=00000000,lp=0023ec70) retval=00000001 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000221f0,) ret=7f9c248fb56c | |
| 0011:Call imm32.__wine_register_window(00010030,) ret=7fc24bb1f3e1 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c248fb56c | |
| 0011:Call user32.GetClassNameW(00010030,0023e8b0,00000008,) ret=7fc24a7395f8 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\windows\\system32\\cmd.exe",) ret=7f9c248fb7cc | |
| 0011:Ret user32.GetClassNameW() retval=00000007 ret=7fc24a7395f8 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000036 ret=7f9c248fb7cc | |
| 0011:Call user32.GetClassLongPtrW(00010030,ffffffe6,) ret=7fc24a7396b5 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Ret user32.GetClassLongPtrW() retval=0000000a ret=7fc24a7396b5 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Call user32.GetWindowThreadProcessId(00010030,0023e824,) ret=7fc24a7386b2 | |
| 0011:Ret user32.GetWindowThreadProcessId() retval=00000011 ret=7fc24a7386b2 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000001,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,00000030,) ret=7fc24a73873a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0003dce0 ret=7fc24a73873a | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Call user32.CreateWindowExW(00000000,7fc24a744468 L"IME",7fc24a744450 L"Default IME",8c000000,00000000,7fc200000000,00000001,7fc200000001,00000000,00000000,00000000,00000000,) ret=7fc24a73982c | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"NUMBER_OF_PROCESSORS",) ret=7f9c248fb689 | |
| 0011:Call winex11.drv.WindowPosChanging(00010032,00000000,00000014,0023e490,0023e490,0023e310,0023e308,) ret=7fc24bb243bc | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000028 ret=7f9c248fb689 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023d4c0,) ret=7fc24baf21c9 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"NUMBER_OF_PROCESSORS",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023d1a0,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"NUMBER_OF_PROCESSORS",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023d730,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"8",) ret=7f9c248fb7cc | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000002 ret=7f9c248fb7cc | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023dd90,) ret=7fc24baf21c9 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023da70,) ret=7fc24baf1db7 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000002,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e000,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"OS",) ret=7f9c248fb689 | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000004 ret=7f9c248fb689 | |
| 0011:Call winex11.drv.WindowPosChanged(00010032,00000000,00000014,0023e490,0023e490,0023e310,00000000,00000000,) ret=7fc24bb24831 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"OS",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Call window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_NCCREATE,wp=00000000,lp=0023e680) | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"OS",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Call winex11.drv.SetWindowText(00010032,0003adf0 L"Default IME",) ret=7fc24baab441 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Ret winex11.drv.SetWindowText() retval=00000000 ret=7fc24baab441 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"Windows_NT",) ret=7f9c248fb7cc | |
| 0011:Ret window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_NCCREATE,wp=00000000,lp=0023e680) retval=00000001 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000014 ret=7f9c248fb7cc | |
| 0011:Call imm32.__wine_register_window(00010032,) ret=7fc24bb1f3e1 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call user32.GetClassNameW(00010032,0023e2c0,00000008,) ret=7fc24a7395f8 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Ret user32.GetClassNameW() retval=00000003 ret=7fc24a7395f8 | |
| 0011:Ret imm32.__wine_register_window() retval=00000000 ret=7fc24bb1f3e1 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000003,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_NCCALCSIZE,wp=00000000,lp=0023e4b0) | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Ret window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_NCCALCSIZE,wp=00000000,lp=0023e4b0) retval=00000000 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"PATH",) ret=7f9c248fb689 | |
| 0011:Call winex11.drv.WindowPosChanging(00010032,00000000,00000010,0023e490,0023e4b0,0023e310,0023e308,) ret=7fc24bb243bc | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000008 ret=7f9c248fb689 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023dd90,) ret=7fc24baf21c9 | |
| 000f:Call ntdll.RtlQueryEnvironmentVariable_U(00350000,0022e2a0,0022e2b0,) ret=7f9c248fb6ca | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023da70,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Ret ntdll.RtlQueryEnvironmentVariable_U() retval=00000000 ret=7f9c248fb6ca | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PATH",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e000,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000070,) ret=7f9c248fb4cd | |
| 0011:Call winex11.drv.WindowPosChanged(00010032,00000000,00000010,0023e490,0023e4b0,0023e310,00000000,00000000,) ret=7fc24bb24831 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000221f0 ret=7f9c248fb4cd | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PATH",00000000,00000000,000221f0,0022e1fc,) ret=7f9c248fb4f7 | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4f7 | |
| 0011:Call window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_CREATE,wp=00000000,lp=0023e680) | |
| 0011:Ret window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_CREATE,wp=00000000,lp=0023e680) retval=00000001 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e200,000221f0 L"C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem",) ret=7f9c248fb51c | |
| 0011:Call winex11.drv.CreateWindow(00010032,) ret=7fc24bb1f4f2 | |
| 0011:Ret winex11.drv.CreateWindow() retval=00000001 ret=7fc24bb1f4f2 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000006e ret=7f9c248fb51c | |
| 0011:Call window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_SIZE,wp=00000000,lp=00010001) | |
| 000f:Call ntdll.RtlExpandEnvironmentStrings_U(00350000,0022e200,0022e210,0022e1ec,) ret=7f9c248fb53f | |
| 0011:Ret window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_SIZE,wp=00000000,lp=00010001) retval=00000000 | |
| 000f:Ret ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7f9c248fb53f | |
| 0011:Call window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_MOVE,wp=00000000,lp=00000000) | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000221f0,) ret=7f9c248fb56c | |
| 0011:Ret window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_MOVE,wp=00000000,lp=00000000) retval=00000000 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c248fb56c | |
| 0011:Ret user32.CreateWindowExW() retval=00010032 ret=7fc24a73982c | |
| 0011:Ret imm32.__wine_register_window() retval=00000001 ret=7fc24bb1f3e1 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\windows\\system32;C:\\windows;C:\\windows\\system32\\wbem",) ret=7f9c248fb7cc | |
| 0011:Call window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_NCCALCSIZE,wp=00000000,lp=0023eaa0) | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000006e ret=7f9c248fb7cc | |
| 0011:Call user32.DefWindowProcW(00010030,00000083,00000000,0023eaa0,) ret=7fc24c4e3694 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Ret user32.DefWindowProcW() retval=00000100 ret=7fc24c4e3694 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Ret window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_NCCALCSIZE,wp=00000000,lp=0023eaa0) retval=00000100 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000004,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call winex11.drv.WindowPosChanging(00010030,00000000,00000010,0023ea80,0023eaa0,0023e900,0023e8f8,) ret=7fc24bb243bc | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023e380,) ret=7fc24baf21c9 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"PATHEXT",) ret=7f9c248fb689 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e060,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000000e ret=7f9c248fb689 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Call ntdll.RtlQueryEnvironmentVariable_U(00350000,0022e2a0,0022e2b0,) ret=7f9c248fb6ca | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e5f0,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Ret ntdll.RtlQueryEnvironmentVariable_U() retval=00000000 ret=7f9c248fb6ca | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PATHEXT",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Call winex11.drv.WindowPosChanged(00010030,00000000,00000010,0023ea80,0023eaa0,0023e900,00000000,7fc24be44e40,) ret=7fc24bb24831 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PATHEXT",00000000,00000000,0022eb22,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Call window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_CREATE,wp=00000000,lp=0023ec70) | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH",) ret=7f9c248fb7cc | |
| 0011:Call user32.DefWindowProcW(00010030,00000001,00000000,0023ec70,) ret=7fc24c4e3694 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4e3694 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000060 ret=7f9c248fb7cc | |
| 0012:Call imm32.ImmGetContext(00000000,) ret=7fc24a4b9510 | |
| 0011:Ret window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_CREATE,wp=00000000,lp=0023ec70) retval=00000000 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0012:Call user32.IsWindow(00000000,) ret=7fc24a74133c | |
| 0011:Call winex11.drv.CreateWindow(00010030,) ret=7fc24bb1f4f2 | |
| 0011:Ret winex11.drv.CreateWindow() retval=00000001 ret=7fc24bb1f4f2 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0012:Ret user32.IsWindow() retval=00000000 ret=7fc24a74133c | |
| 0011:Call window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_SIZE,wp=00000000,lp=00000000) | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000005,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0012:Ret imm32.ImmGetContext() retval=00000000 ret=7fc24a4b9510 | |
| 0011:Call user32.DefWindowProcW(00010030,00000005,00000000,00000000,) ret=7fc24c4e3694 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4e3694 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0012:Call winex11.drv.CreateDesktopWindow(00010020,) ret=7fc24bb17bec | |
| 0011:Ret window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_SIZE,wp=00000000,lp=00000000) retval=00000000 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"PROCESSOR_ARCHITECTURE",) ret=7f9c248fb689 | |
| 0012:Ret winex11.drv.CreateDesktopWindow() retval=00000001 ret=7fc24bb17bec | |
| 0011:Call window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_MOVE,wp=00000000,lp=04380000) | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000002c ret=7f9c248fb689 | |
| 0011:Call user32.DefWindowProcW(00010030,00000003,00000000,04380000,) ret=7fc24c4e3694 | |
| 0012:Call winex11.drv.SystemParametersInfo(00000029,00000000,0035ef10,00000000,) ret=7fc24bb0ad7f | |
| 0012:Ret winex11.drv.SystemParametersInfo() retval=00000000 ret=7fc24bb0ad7f | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_ARCHITECTURE",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4e3694 | |
| 0012:Call winex11.drv.SystemParametersInfo(00000029,00000000,0035e8b0,00000000,) ret=7fc24bb0ad7f | |
| 0012:Ret winex11.drv.SystemParametersInfo() retval=00000000 ret=7fc24bb0ad7f | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Ret window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_MOVE,wp=00000000,lp=04380000) retval=00000000 | |
| 0012:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24bb075c0,0035ee80,) ret=7fc24baf21c9 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_ARCHITECTURE",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Ret user32.CreateWindowExW() retval=00010030 ret=7fc24c4e4673 | |
| 0012:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Call user32.LoadStringW(00000000,00000003,7fc24c6f40c0,00000032,) ret=7fc24c4e46a0 | |
| 0012:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24bb075c0,0035ee80,) ret=7fc24baf21c9 | |
| 0012:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"AMD64",) ret=7f9c248fb7cc | |
| 0011:Ret user32.LoadStringW() retval=00000005 ret=7fc24c4e46a0 | |
| 0012:Call window proc 0x7fc24a4ac0d0 (hwnd=0x10034,msg=WM_GETMINMAXINFO,wp=00000000,lp=0035f570) | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000000a ret=7f9c248fb7cc | |
| 0011:Call user32.GetSystemMetrics(0000004d,) ret=7fc24c4e2440 | |
| 0012:Ret window proc 0x7fc24a4ac0d0 (hwnd=0x10034,msg=WM_GETMINMAXINFO,wp=00000000,lp=0035f570) retval=00000000 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24bb075c0,0023ea90,) ret=7fc24baf21c9 | |
| 0012:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0035f2c0,) ret=7fc24baf21c9 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 0012:Call winex11.drv.GetMonitorInfo(00000001,0035efa0,) ret=7fc24baf1db7 | |
| 0012:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000006,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Ret user32.GetSystemMetrics() retval=00000000 ret=7fc24c4e2440 | |
| 0012:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Call user32.GetSystemMetrics(0000004f,) ret=7fc24c4e244c | |
| 0012:Call winex11.drv.GetMonitorInfo(00000001,0035f5a0,) ret=7fc24baf1db7 | |
| 0012:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"PROCESSOR_IDENTIFIER",) ret=7f9c248fb689 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24bb075c0,0023ea90,) ret=7fc24baf21c9 | |
| 0012:Call winex11.drv.WindowPosChanging(00010034,00000000,00000014,0035f660,0035f660,0035f4e0,0035f4d8,) ret=7fc24bb243bc | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000028 ret=7f9c248fb689 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 0012:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_IDENTIFIER",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Ret user32.GetSystemMetrics() retval=00000438 ret=7fc24c4e244c | |
| 0012:Call winex11.drv.WindowPosChanged(00010034,00000000,00000014,0035f660,0035f660,0035f4e0,00000000,00000000,) ret=7fc24bb24831 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Call user32.GetSystemMetrics(0000004c,) ret=7fc24c4e2458 | |
| 0012:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_IDENTIFIER",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24bb075c0,0023ea90,) ret=7fc24baf21c9 | |
| 0012:Call window proc 0x7fc24a4ac0d0 (hwnd=0x10034,msg=WM_NCCREATE,wp=00000000,lp=0035f850) | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 0012:Ret window proc 0x7fc24a4ac0d0 (hwnd=0x10034,msg=WM_NCCREATE,wp=00000000,lp=0035f850) retval=00000001 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"AMD64 Family 6 Model 60 Stepping 3, GenuineIntel",) ret=7f9c248fb7cc | |
| 0011:Ret user32.GetSystemMetrics() retval=00000000 ret=7fc24c4e2458 | |
| 0012:Call window proc 0x7fc24a4ac0d0 (hwnd=0x10034,msg=WM_NCCALCSIZE,wp=00000000,lp=0035f680) | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000060 ret=7f9c248fb7cc | |
| 0011:Call user32.GetSystemMetrics(0000004e,) ret=7fc24c4e2464 | |
| 0012:Call winex11.drv.SystemParametersInfo(00000029,00000000,0035e8c0,00000000,) ret=7fc24bb0ad7f | |
| 0012:Ret winex11.drv.SystemParametersInfo() retval=00000000 ret=7fc24bb0ad7f | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24bb075c0,0023ea90,) ret=7fc24baf21c9 | |
| 0012:Ret window proc 0x7fc24a4ac0d0 (hwnd=0x10034,msg=WM_NCCALCSIZE,wp=00000000,lp=0035f680) retval=00000000 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 0012:Call winex11.drv.WindowPosChanging(00010034,00000000,00000010,0035f660,0035f680,0035f4e0,0035f4d8,) ret=7fc24bb243bc | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000007,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Ret user32.GetSystemMetrics() retval=00000f00 ret=7fc24c4e2464 | |
| 0012:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Call user32.SetWindowPos(00010030,00000000,00000f00,00000438,00000000,00000000,00000015,) ret=7fc24c4e2488 | |
| 0012:Call winex11.drv.WindowPosChanged(00010034,00000000,00000010,0035f660,0035f680,0035f4e0,00000000,00000000,) ret=7fc24bb24831 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"PROCESSOR_LEVEL",) ret=7f9c248fb689 | |
| 0011:Call window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0023eca0) | |
| 0012:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7f9c248fb689 | |
| 0011:Call user32.DefWindowProcW(00010030,00000046,00000000,0023eca0,) ret=7fc24c4e3694 | |
| 0012:Call window proc 0x7fc24a4ac0d0 (hwnd=0x10034,msg=WM_CREATE,wp=00000000,lp=0035f850) | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_LEVEL",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4e3694 | |
| 0012:Ret window proc 0x7fc24a4ac0d0 (hwnd=0x10034,msg=WM_CREATE,wp=00000000,lp=0035f850) retval=00000000 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Ret window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_WINDOWPOSCHANGING,wp=00000000,lp=0023eca0) retval=00000000 | |
| 0012:Call winex11.drv.CreateWindow(00010034,) ret=7fc24bb1f4f2 | |
| 0012:Ret winex11.drv.CreateWindow() retval=00000001 ret=7fc24bb1f4f2 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_LEVEL",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Call winex11.drv.WindowPosChanging(00010030,00000000,0000081d,0023eb60,0023eb70,0023ea00,0023e9f8,) ret=7fc24bb243bc | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023e480,) ret=7fc24baf21c9 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"6",) ret=7f9c248fb7cc | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e160,) ret=7fc24baf1db7 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000002 ret=7f9c248fb7cc | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e6f0,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000008,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Call winex11.drv.WindowPosChanged(00010030,00000000,0000081d,0023eb60,0023eb70,0023ea00,0023ebd0,7fc24be44e40,) ret=7fc24bb24831 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"PROCESSOR_REVISION",) ret=7f9c248fb689 | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000024 ret=7f9c248fb689 | |
| 0011:Call window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_WINDOWPOSCHANGED,wp=00000000,lp=0023eca0) | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_REVISION",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Call user32.DefWindowProcW(00010030,00000047,00000000,0023eca0,) ret=7fc24c4e3694 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Call window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_MOVE,wp=00000000,lp=04380f00) | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"PROCESSOR_REVISION",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Call user32.DefWindowProcW(00010030,00000003,00000000,04380f00,) ret=7fc24c4e3694 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4e3694 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Ret window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_MOVE,wp=00000000,lp=04380f00) retval=00000000 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4e3694 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"3c03",) ret=7f9c248fb7cc | |
| 0011:Ret window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_WINDOWPOSCHANGED,wp=00000000,lp=0023eca0) retval=00000000 | |
| 0011:Ret user32.SetWindowPos() retval=00000001 ret=7fc24c4e2488 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000008 ret=7f9c248fb7cc | |
| 0011:Call KERNEL32.LoadLibraryA(7fc24c4e5387 "shell32.dll",) ret=7fc24c4ded07 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 000f:Call advapi32.RegEnumValueW(0000009c,00000009,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,0000000a,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,0000000b,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"TEMP",) ret=7f9c248fb689 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000008 ret=7f9c248fb689 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"TEMP",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f9c248fb4cd | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000221f0 ret=7f9c248fb4cd | |
| 0012:Call winex11.drv.UpdateClipboard() ret=7fc24ba9286c | |
| 0012:Ret winex11.drv.UpdateClipboard() retval=00000000 ret=7fc24ba9286c | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"TEMP",00000000,00000000,000221f0,0022e1fc,) ret=7f9c248fb4f7 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4f7 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e200,000221f0 L"C:\\windows\\temp",) ret=7f9c248fb51c | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7f9c248fb51c | |
| 000f:Call ntdll.RtlExpandEnvironmentStrings_U(00350000,0022e200,0022e210,0022e1ec,) ret=7f9c248fb53f | |
| 000f:Ret ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7f9c248fb53f | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000221f0,) ret=7f9c248fb56c | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c248fb56c | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\windows\\temp",) ret=7f9c248fb7cc | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7f9c248fb7cc | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 000f:Call advapi32.RegEnumValueW(0000009c,0000000c,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"TMP",) ret=7f9c248fb689 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000006 ret=7f9c248fb689 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"TMP",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Call PE DLL (proc=0x7fc2481f6130,module=0x7fc2481b0000 L"shlwapi.dll",reason=PROCESS_ATTACH,res=(nil)) | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Call KERNEL32.DisableThreadLibraryCalls(7fc2481b0000,) ret=7fc2481e37cf | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f9c248fb4cd | |
| 0012:Call window proc 0x7fc24a4ac0d0 (hwnd=0x10034,msg=WM_CLIPBOARDUPDATE,wp=00000000,lp=00000000) | |
| 0011:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7fc2481e37cf | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000221f0 ret=7f9c248fb4cd | |
| 0012:Ret window proc 0x7fc24a4ac0d0 (hwnd=0x10034,msg=WM_CLIPBOARDUPDATE,wp=00000000,lp=00000000) retval=00000000 | |
| 0011:Call KERNEL32.TlsAlloc() ret=7fc2481e37db | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"TMP",00000000,00000000,000221f0,0022e1fc,) ret=7f9c248fb4f7 | |
| 0012:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0035f870,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 0011:Ret KERNEL32.TlsAlloc() retval=00000002 ret=7fc2481e37db | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4f7 | |
| 0011:Ret PE DLL (proc=0x7fc2481f6130,module=0x7fc2481b0000 L"shlwapi.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 0011:Call PE DLL (proc=0x7fc243c40ea0,module=0x7fc243b90000 L"shell32.dll",reason=PROCESS_ATTACH,res=(nil)) | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e200,000221f0 L"C:\\windows\\temp",) ret=7f9c248fb51c | |
| 0011:Call KERNEL32.DisableThreadLibraryCalls(7fc243b90000,) ret=7fc243bcd21a | |
| 0011:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7fc243bcd21a | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7f9c248fb51c | |
| 0011:Call KERNEL32.GetModuleFileNameW(7fc243b90000,7fc243fff580,00000104,) ret=7fc243bcd22f | |
| 000f:Call ntdll.RtlExpandEnvironmentStrings_U(00350000,0022e200,0022e210,0022e1ec,) ret=7f9c248fb53f | |
| 0011:Ret KERNEL32.GetModuleFileNameW() retval=0000001f ret=7fc243bcd22f | |
| 000f:Ret ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7f9c248fb53f | |
| 0011:Ret PE DLL (proc=0x7fc243c40ea0,module=0x7fc243b90000 L"shell32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000221f0,) ret=7f9c248fb56c | |
| 0011:Ret KERNEL32.LoadLibraryA() retval=7fc243b90000 ret=7fc24c4ded07 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c248fb56c | |
| 0011:Call KERNEL32.GetProcAddress(7fc243b90000,000000bc,) ret=7fc24c4ded21 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\windows\\temp",) ret=7f9c248fb7cc | |
| 0011:Ret KERNEL32.GetProcAddress() retval=7fc243b99f08 ret=7fc24c4ded21 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7f9c248fb7cc | |
| 0011:Call shell32.188(00000001,) ret=7fc24c4ded35 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call user32.DdeInitializeW(7fc243fff400,7fc243bafac0,00014000,00000000,) ret=7fc243bb0d4c | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 000f:Call advapi32.RegEnumValueW(0000009c,0000000d,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call winex11.drv.WindowPosChanging(00010036,00000000,00000014,0023e870,0023e870,0023e6f0,0023e6e8,) ret=7fc24bb243bc | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023d8a0,) ret=7fc24baf21c9 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"windir",) ret=7f9c248fb689 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023d580,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000000c ret=7f9c248fb689 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"windir",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023db10,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f9c248fb4cd | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000221f0 ret=7f9c248fb4cd | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023e170,) ret=7fc24baf21c9 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"windir",00000000,00000000,000221f0,0022e1fc,) ret=7f9c248fb4f7 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023de50,) ret=7fc24baf1db7 | |
| 000d:Call PE DLL (proc=0x7f1c7f44e7f0,module=0x7f1c7f400000 L"winex11.drv",reason=PROCESS_ATTACH,res=(nil)) | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4f7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e200,000221f0 L"C:\\windows",) ret=7f9c248fb51c | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000014 ret=7f9c248fb51c | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e3e0,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call ntdll.RtlExpandEnvironmentStrings_U(00350000,0022e200,0022e210,0022e1ec,) ret=7f9c248fb53f | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Ret ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7f9c248fb53f | |
| 0011:Call winex11.drv.WindowPosChanged(00010036,00000000,00000034,0023e870,0023e870,0023e6f0,00000000,7fc24be44e40,) ret=7fc24bb24831 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000221f0,) ret=7f9c248fb56c | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c248fb56c | |
| 0011:Call window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_NCCREATE,wp=00000000,lp=0023ea60) | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\windows",) ret=7f9c248fb7cc | |
| 0011:Call winex11.drv.SetWindowText(00010036,0003e680 L"",) ret=7fc24baab441 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000014 ret=7f9c248fb7cc | |
| 0011:Ret winex11.drv.SetWindowText() retval=00000000 ret=7fc24baab441 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Ret window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_NCCREATE,wp=00000000,lp=0023ea60) retval=00000001 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Call imm32.__wine_register_window(00010036,) ret=7fc24bb1f3e1 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,0000000e,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call user32.GetClassNameW(00010036,0023e6a0,00000008,) ret=7fc24a7395f8 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Ret user32.GetClassNameW() retval=00000007 ret=7fc24a7395f8 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"winsysdir",) ret=7f9c248fb689 | |
| 0011:Call user32.GetClassLongPtrW(00010036,ffffffe6,) ret=7fc24a7396b5 | |
| 0011:Ret user32.GetClassLongPtrW() retval=00000000 ret=7fc24a7396b5 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000012 ret=7f9c248fb689 | |
| 0011:Call user32.GetWindowThreadProcessId(00010036,0023e614,) ret=7fc24a7386b2 | |
| 0011:Ret user32.GetWindowThreadProcessId() retval=00000011 ret=7fc24a7386b2 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"winsysdir",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Ret imm32.__wine_register_window() retval=00000001 ret=7fc24bb1f3e1 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Call window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_NCCALCSIZE,wp=00000000,lp=0023e890) | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,0022e2c0 L"winsysdir",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Ret window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_NCCALCSIZE,wp=00000000,lp=0023e890) retval=00000000 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Call winex11.drv.WindowPosChanging(00010036,00000000,00000010,0023e870,0023e890,0023e6f0,0023e6e8,) ret=7fc24bb243bc | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\windows\\system32",) ret=7f9c248fb7cc | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023e170,) ret=7fc24baf21c9 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000026 ret=7f9c248fb7cc | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023de50,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e3e0,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call advapi32.RegEnumValueW(0000009c,0000000f,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000103 ret=7f9c248fb634 | |
| 0011:Call winex11.drv.WindowPosChanged(00010036,00000000,00000010,0023e870,0023e890,0023e6f0,00000000,7fc24be44e40,) ret=7fc24bb24831 | |
| 000f:Call advapi32.RegOpenKeyExW(0000009c,7f9c248fec30 L"Environment",00000000,00020019,0022f3b0,) ret=7f9c248fbb70 | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000002 ret=7f9c248fbb70 | |
| 0011:Call window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_CREATE,wp=00000000,lp=0023ea60) | |
| 000f:Call advapi32.RegOpenKeyExW(0000009c,7f9c248fec00 L"Volatile Environment",00000000,00020019,0022f3b0,) ret=7f9c248fbb9f | |
| 0011:Ret window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_CREATE,wp=00000000,lp=0023ea60) retval=00000000 | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000002 ret=7f9c248fbb9f | |
| 0011:Call winex11.drv.CreateWindow(00010036,) ret=7fc24bb1f4f2 | |
| 0011:Ret winex11.drv.CreateWindow() retval=00000001 ret=7fc24bb1f4f2 | |
| 000f:Call advapi32.RegCloseKey(0000009c,) ret=7f9c248fbbb4 | |
| 0011:Call window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_SIZE,wp=00000000,lp=00000000) | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c248fbbb4 | |
| 0011:Ret window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_SIZE,wp=00000000,lp=00000000) retval=00000000 | |
| 000f:Call advapi32.RegOpenKeyExW(ffffffff80000002,7f9c248feb80 L"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",00000000,00020019,0022f3a8,) ret=7f9c248fbbd5 | |
| 0011:Call window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_MOVE,wp=00000000,lp=00000000) | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c248fbbd5 | |
| 0011:Ret window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_MOVE,wp=00000000,lp=00000000) retval=00000000 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,7f9c248feb40 L"ProfilesDirectory",00000000,0022f298,00000000,0022f29c,) ret=7f9c248fb437 | |
| 0011:Ret user32.DdeInitializeW() retval=00000000 ret=7fc243bb0d4c | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Call user32.DdeCreateStringHandleW(00000001,7fc243c45ff0 L"Progman",000004b0,) ret=7fc243bb0d64 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f9c248fb4cd | |
| 0011:Ret user32.DdeCreateStringHandleW() retval=0000c000 ret=7fc243bb0d64 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000221f0 ret=7f9c248fb4cd | |
| 0011:Call user32.DdeCreateStringHandleW(00000001,7fc243c45ff0 L"Progman",000004b0,) ret=7fc243bb0d83 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,7f9c248feb40 L"ProfilesDirectory",00000000,00000000,000221f0,0022f29c,) ret=7f9c248fb4f7 | |
| 0011:Ret user32.DdeCreateStringHandleW() retval=0000c000 ret=7fc243bb0d83 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4f7 | |
| 0011:Call user32.DdeCreateStringHandleW(00000001,7fc243c45fec L"*",000004b0,) ret=7fc243bb0da2 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f2a0,000221f0 L"C:\\users",) ret=7f9c248fb51c | |
| 0011:Ret user32.DdeCreateStringHandleW() retval=0000c001 ret=7fc243bb0da2 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000010 ret=7f9c248fb51c | |
| 0011:Call user32.DdeCreateStringHandleW(00000001,7fc243c45fe0 L"Shell",000004b0,) ret=7fc243bb0dc1 | |
| 000f:Call ntdll.RtlExpandEnvironmentStrings_U(00350000,0022f2a0,0022f2b0,0022f28c,) ret=7f9c248fb53f | |
| 0011:Ret user32.DdeCreateStringHandleW() retval=0000c002 ret=7fc243bb0dc1 | |
| 000f:Ret ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7f9c248fb53f | |
| 0011:Call user32.DdeCreateStringHandleW(00000001,7fc243c45fc0 L"AppProperties",000004b0,) ret=7fc243bb0de0 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000221f0,) ret=7f9c248fb56c | |
| 0011:Ret user32.DdeCreateStringHandleW() retval=0000c003 ret=7fc243bb0de0 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c248fb56c | |
| 0011:Call user32.DdeCreateStringHandleW(00000001,7fc243c45fb0 L"Folders",000004b0,) ret=7fc243bb0dff | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,7f9c248feb20 L"AllUsersProfile",00000000,0022f298,00000000,0022f29c,) ret=7f9c248fb437 | |
| 0011:Ret user32.DdeCreateStringHandleW() retval=0000c004 ret=7fc243bb0dff | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Call user32.DdeCreateStringHandleW(00000001,7fc243c45f98 L"Groups",000004b0,) ret=7fc243bb0e1e | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f9c248fb4cd | |
| 0011:Ret user32.DdeCreateStringHandleW() retval=0000c005 ret=7fc243bb0e1e | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000221f0 ret=7f9c248fb4cd | |
| 0011:Call user32.DdeNameService(00000001,0000c004,00000000,00000001,) ret=7fc243bb0e40 | |
| 000d:Ret PE DLL (proc=0x7f1c7f44e7f0,module=0x7f1c7f400000 L"winex11.drv",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,7f9c248feb20 L"AllUsersProfile",00000000,00000000,000221f0,0022f29c,) ret=7f9c248fb4f7 | |
| 000d:Call winex11.drv.wine_get_gdi_driver(0000002f,) ret=7f1c8160859f | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4f7 | |
| 000d:Ret winex11.drv.wine_get_gdi_driver() retval=7f1c7f675f20 ret=7f1c8160859f | |
| 0011:Call winex11.drv.WindowPosChanging(00010038,00000000,00000014,0023e860,0023e860,0023e6e0,0023e6d8,) ret=7fc24bb243bc | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f2a0,000221f0 L"Public",) ret=7f9c248fb51c | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023d890,) ret=7fc24baf21c9 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000000c ret=7f9c248fb51c | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023d570,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call ntdll.RtlExpandEnvironmentStrings_U(00350000,0022f2a0,0022f2b0,0022f28c,) ret=7f9c248fb53f | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Ret ntdll.RtlExpandEnvironmentStrings_U() retval=00000000 ret=7f9c248fb53f | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023db00,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000221f0,) ret=7f9c248fb56c | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c248fb56c | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3c0,7f9c248feb00 L"ALLUSERSPROFILE",) ret=7f9c248fc51d | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023e160,) ret=7fc24baf21c9 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7f9c248fc51d | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023de40,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3d0,0022f690 L"C:\\users\\Public",) ret=7f9c248fc52f | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7f9c248fc52f | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e3d0,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022f3c0,0022f3d0,) ret=7f9c248fc53d | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fc53d | |
| 0011:Call winex11.drv.WindowPosChanged(00010038,00000000,00000034,0023e860,0023e860,0023e6e0,00000000,7fc24be44e40,) ret=7fc24bb24831 | |
| 000f:Call advapi32.RegCloseKey(0000009c,) ret=7f9c248fc271 | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c248fc271 | |
| 000d:Call winex11.drv.CreateDesktopWindow(00010020,) ret=7f1c81971283 | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_NCCREATE,wp=00000000,lp=0023ea50) | |
| 000f:Call KERNEL32.GetComputerNameW(0022f690,0022f398,) ret=7f9c248fbc02 | |
| 000d:Ret winex11.drv.CreateDesktopWindow() retval=00000001 ret=7f1c81971283 | |
| 0011:Call winex11.drv.SetWindowText(00010038,000486c0 L"",) ret=7fc24baab441 | |
| 000f:Ret KERNEL32.GetComputerNameW() retval=00000001 ret=7f9c248fbc02 | |
| 000d:Ret user32.RegisterClassW() retval=0000c023 ret=7f1c82027eb4 | |
| 0011:Ret winex11.drv.SetWindowText() retval=00000000 ret=7fc24baab441 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3c0,7f9c248fead0 L"COMPUTERNAME",) ret=7f9c248fc0c4 | |
| 000d:Ret KERNEL32.InitOnceExecuteOnce() retval=00000001 ret=7f1c82029701 | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_NCCREATE,wp=00000000,lp=0023ea50) retval=00000001 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000018 ret=7f9c248fc0c4 | |
| 000d:Call user32.CreateWindowExW(00000000,7f1c82109920 L"OleMainThreadWndClass",00000000,00000000,00000000,00000000,00000000,00000000,fffffffffffffffd,00000000,7f1c82010000,00000000,) ret=7f1c82029731 | |
| 0011:Call imm32.__wine_register_window(00010038,) ret=7fc24bb1f3e1 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3d0,0022f690 L"MAGIC-RB-PC",) ret=7f9c248fc0d6 | |
| 0011:Call user32.GetClassNameW(00010038,0023e690,00000008,) ret=7fc24a7395f8 | |
| 000d:Call winex11.drv.SystemParametersInfo(00000029,00000000,0023ebe0,00000000,) ret=7f1c819c7d7f | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000016 ret=7f9c248fc0d6 | |
| 0011:Ret user32.GetClassNameW() retval=00000007 ret=7fc24a7395f8 | |
| 000d:Ret winex11.drv.SystemParametersInfo() retval=00000000 ret=7f1c819c7d7f | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022f3c0,0022f3d0,) ret=7f9c248fc0e4 | |
| 0011:Call user32.GetClassLongPtrW(00010038,ffffffe6,) ret=7fc24a7396b5 | |
| 0011:Ret user32.GetClassLongPtrW() retval=00000000 ret=7fc24a7396b5 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fc0e4 | |
| 0011:Call user32.GetWindowThreadProcessId(00010038,0023e604,) ret=7fc24a7386b2 | |
| 000f:Call KERNEL32.IsWow64Process(ffffffffffffffff,0022f39c,) ret=7f9c248fbc26 | |
| 0011:Ret user32.GetWindowThreadProcessId() retval=00000011 ret=7fc24a7386b2 | |
| 000f:Ret KERNEL32.IsWow64Process() retval=00000001 ret=7f9c248fbc26 | |
| 0011:Ret imm32.__wine_register_window() retval=00000001 ret=7fc24bb1f3e1 | |
| 000f:Call advapi32.RegOpenKeyExW(ffffffff80000002,7f9c248fea20 L"Software\\Microsoft\\Windows\\CurrentVersion",00000000,00020119,0022f3b8,) ret=7f9c248fbc54 | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_NCCALCSIZE,wp=00000000,lp=0023e880) | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c248fbc54 | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_NCCALCSIZE,wp=00000000,lp=0023e880) retval=00000000 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,7f9c248fea00 L"ProgramFilesDir",00000000,0022f298,00000000,0022f29c,) ret=7f9c248fb437 | |
| 0011:Call winex11.drv.WindowPosChanging(00010038,00000000,00000010,0023e860,0023e880,0023e6e0,0023e6d8,) ret=7fc24bb243bc | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023e160,) ret=7fc24baf21c9 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,7f9c248fea00 L"ProgramFilesDir",00000000,00000000,0022f400,0022f28c,) ret=7f9c248fb4a2 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023de40,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3e0,7f9c248fe9d0 L"ProgramW6432",) ret=7f9c248fc4bf | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e3d0,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000018 ret=7f9c248fc4bf | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3f0,0022f400 L"C:\\Program Files",) ret=7f9c248fc4cc | |
| 0011:Call winex11.drv.WindowPosChanged(00010038,00000000,00000010,0023e860,0023e880,0023e6e0,00000000,7fc24be44e40,) ret=7fc24bb24831 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000020 ret=7f9c248fc4cc | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022f3e0,0022f3f0,) ret=7f9c248fc4da | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fc4da | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_CREATE,wp=00000000,lp=0023ea50) | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3e0,7f9c248fe9b0 L"ProgramFiles",) ret=7f9c248fc4e9 | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_CREATE,wp=00000000,lp=0023ea50) retval=00000000 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000018 ret=7f9c248fc4e9 | |
| 0011:Call winex11.drv.CreateWindow(00010038,) ret=7fc24bb1f4f2 | |
| 0011:Ret winex11.drv.CreateWindow() retval=00000001 ret=7fc24bb1f4f2 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3f0,0022f400 L"C:\\Program Files",) ret=7f9c248fc4f6 | |
| 000d:Call winex11.drv.SystemParametersInfo(00000029,00000000,0023e580,00000000,) ret=7f1c819c7d7f | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_SIZE,wp=00000000,lp=00000000) | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000020 ret=7f9c248fc4f6 | |
| 000d:Ret winex11.drv.SystemParametersInfo() retval=00000000 ret=7f1c819c7d7f | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_SIZE,wp=00000000,lp=00000000) retval=00000000 | |
| 000d:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f1c819c45c0,0023eb50,) ret=7f1c819af1c9 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022f3e0,0022f3f0,) ret=7f9c248fc504 | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_MOVE,wp=00000000,lp=00000000) | |
| 000d:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f1c819af1c9 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fc504 | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_MOVE,wp=00000000,lp=00000000) retval=00000000 | |
| 000d:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f1c819c45c0,0023eb50,) ret=7f1c819af1c9 | |
| 0011:Ret user32.DdeNameService() retval=00000001 ret=7fc243bb0e40 | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,7f9c248fe950 L"CommonFilesDir",00000000,0022f298,00000000,0022f29c,) ret=7f9c248fb437 | |
| 000d:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f1c819af1c9 | |
| 0011:Call user32.DdeNameService(00000001,0000c000,00000000,00000001,) ret=7fc243bb0e5b | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 000d:Call window proc 0x7f1c8202ade0 (hwnd=0x1003e,msg=WM_GETMINMAXINFO,wp=00000000,lp=0023f240) | |
| 000f:Call advapi32.RegQueryValueExW(0000009c,7f9c248fe950 L"CommonFilesDir",00000000,00000000,0022f400,0022f28c,) ret=7f9c248fb4a2 | |
| 000d:Call user32.DefWindowProcW(0001003e,00000024,00000000,0023f240,) ret=7f1c8202ae85 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Call winex11.drv.WindowPosChanging(00010040,00000000,00000014,0023e860,0023e860,0023e6e0,0023e6d8,) ret=7fc24bb243bc | |
| 000d:Ret user32.DefWindowProcW() retval=00000000 ret=7f1c8202ae85 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3e0,7f9c248fe920 L"CommonProgramW6432",) ret=7f9c248fc417 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000024 ret=7f9c248fc417 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3f0,0022f400 L"C:\\Program Files\\Common Files",) ret=7f9c248fc424 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023d890,) ret=7fc24baf21c9 | |
| 000d:Ret window proc 0x7f1c8202ade0 (hwnd=0x1003e,msg=WM_GETMINMAXINFO,wp=00000000,lp=0023f240) retval=00000000 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000003a ret=7f9c248fc424 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023d570,) ret=7fc24baf1db7 | |
| 000d:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7f1c819aee90,0023ef90,) ret=7f1c819af1c9 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022f3e0,0022f3f0,) ret=7f9c248fc432 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000d:Call winex11.drv.GetMonitorInfo(00000001,0023ec70,) ret=7f1c819aedb7 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fc432 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000d:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7f1c819aedb7 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3e0,7f9c248fe8e0 L"CommonProgramFiles",) ret=7f9c248fc441 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023db00,) ret=7fc24baf1db7 | |
| 000d:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7f1c819af1c9 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000024 ret=7f9c248fc441 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000d:Call winex11.drv.GetMonitorInfo(00000001,0023f270,) ret=7f1c819aedb7 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022f3f0,0022f400 L"C:\\Program Files\\Common Files",) ret=7f9c248fc44e | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=0000003a ret=7f9c248fc44e | |
| 000d:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7f1c819aedb7 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023e160,) ret=7fc24baf21c9 | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022f3e0,0022f3f0,) ret=7f9c248fc45c | |
| 000d:Call winex11.drv.WindowPosChanging(0001003e,00000000,00000014,0023f330,0023f330,0023f1b0,0023f1a8,) ret=7f1c819e13bc | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023de40,) ret=7fc24baf1db7 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fc45c | |
| 000d:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7f1c819e13bc | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Call advapi32.RegCloseKey(0000009c,) ret=7f9c248fc0a7 | |
| 000d:Call winex11.drv.WindowPosChanged(0001003e,00000000,00000014,0023f330,0023f330,0023f1b0,00000000,00000000,) ret=7f1c819e1831 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c248fc0a7 | |
| 000d:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7f1c819e1831 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e3d0,) ret=7fc24baf1db7 | |
| 000f:Call advapi32.GetTokenInformation(00000098,00000001,00000000,00000000,0022f398,) ret=7f9c248fbc8d | |
| 000d:Call window proc 0x7f1c8202ade0 (hwnd=0x1003e,msg=WM_NCCREATE,wp=00000000,lp=0023f520) | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000f:Ret advapi32.GetTokenInformation() retval=00000000 ret=7f9c248fbc8d | |
| 000d:Call user32.DefWindowProcW(0001003e,00000081,00000000,0023f520,) ret=7f1c8202ae85 | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f9c248fbcc2 | |
| 000d:Call winex11.drv.SetWindowText(0001003e,00042970 L"",) ret=7f1c81968441 | |
| 0011:Call winex11.drv.WindowPosChanged(00010040,00000000,00000034,0023e860,0023e860,0023e6e0,00000000,7fc24be44e40,) ret=7fc24bb24831 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000221f0 ret=7f9c248fbcc2 | |
| 000d:Ret winex11.drv.SetWindowText() retval=00000000 ret=7f1c81968441 | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Call advapi32.GetTokenInformation(00000098,00000001,000221f0,0000002c,0022f398,) ret=7f9c248fbcf5 | |
| 000d:Ret user32.DefWindowProcW() retval=00000001 ret=7f1c8202ae85 | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_NCCREATE,wp=00000000,lp=0023ea50) | |
| 000f:Ret advapi32.GetTokenInformation() retval=00000001 ret=7f9c248fbcf5 | |
| 000d:Ret window proc 0x7f1c8202ade0 (hwnd=0x1003e,msg=WM_NCCREATE,wp=00000000,lp=0023f520) retval=00000001 | |
| 0011:Call winex11.drv.SetWindowText(00010040,00048990 L"",) ret=7fc24baab441 | |
| 000f:Call advapi32.ConvertSidToStringSidW(00022200,0022f3f0,) ret=7f9c248fbd12 | |
| 000d:Call window proc 0x7f1c8202ade0 (hwnd=0x1003e,msg=WM_NCCALCSIZE,wp=00000000,lp=0023f350) | |
| 0011:Ret winex11.drv.SetWindowText() retval=00000000 ret=7fc24baab441 | |
| 000f:Ret advapi32.ConvertSidToStringSidW() retval=00000001 ret=7f9c248fbd12 | |
| 000d:Call user32.DefWindowProcW(0001003e,00000083,00000000,0023f350,) ret=7f1c8202ae85 | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_NCCREATE,wp=00000000,lp=0023ea50) retval=00000001 | |
| 000f:Call advapi32.LookupAccountSidW(00000000,00022200,0022f6a2,0022f3b8,00000000,0022f3e0,0022f39c,) ret=7f9c248fbdc4 | |
| 000d:Call winex11.drv.SystemParametersInfo(00000029,00000000,0023e550,00000000,) ret=7f1c819c7d7f | |
| 0011:Call imm32.__wine_register_window(00010040,) ret=7fc24bb1f3e1 | |
| 000d:Ret winex11.drv.SystemParametersInfo() retval=00000000 ret=7f1c819c7d7f | |
| 0011:Call user32.GetClassNameW(00010040,0023e690,00000008,) ret=7fc24a7395f8 | |
| 000f:Ret advapi32.LookupAccountSidW() retval=00000000 ret=7f9c248fbdc4 | |
| 0011:Ret user32.GetClassNameW() retval=00000007 ret=7fc24a7395f8 | |
| 000d:Ret user32.DefWindowProcW() retval=00000000 ret=7f1c8202ae85 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000221f0,) ret=7f9c248fbde8 | |
| 0011:Call user32.GetClassLongPtrW(00010040,ffffffe6,) ret=7fc24a7396b5 | |
| 000d:Ret window proc 0x7f1c8202ade0 (hwnd=0x1003e,msg=WM_NCCALCSIZE,wp=00000000,lp=0023f350) retval=00000000 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c248fbde8 | |
| 0011:Ret user32.GetClassLongPtrW() retval=00000000 ret=7fc24a7396b5 | |
| 000d:Call winex11.drv.WindowPosChanging(0001003e,00000000,00000010,0023f330,0023f350,0023f1b0,0023f1a8,) ret=7f1c819e13bc | |
| 000f:Call KERNEL32.LocalFree(00022230,) ret=7f9c248fbe0e | |
| 0011:Call user32.GetWindowThreadProcessId(00010040,0023e604,) ret=7fc24a7386b2 | |
| 000d:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7f1c819e13bc | |
| 000f:Ret KERNEL32.LocalFree() retval=00000000 ret=7f9c248fbe0e | |
| 0011:Ret user32.GetWindowThreadProcessId() retval=00000011 ret=7fc24a7386b2 | |
| 000d:Call winex11.drv.WindowPosChanged(0001003e,00000000,00000010,0023f330,0023f350,0023f1b0,00000000,00000000,) ret=7f1c819e1831 | |
| 000f:Call advapi32.RegOpenKeyExW(ffffffff80000003,0022f690 L"S-1-5-21-0-0-0-1000",00000000,00020019,0022f3a8,) ret=7f9c248fbf7c | |
| 0011:Ret imm32.__wine_register_window() retval=00000001 ret=7fc24bb1f3e1 | |
| 000d:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7f1c819e1831 | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c248fbf7c | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_NCCALCSIZE,wp=00000000,lp=0023e880) | |
| 000d:Call window proc 0x7f1c8202ade0 (hwnd=0x1003e,msg=WM_CREATE,wp=00000000,lp=0023f520) | |
| 000f:Call advapi32.RegOpenKeyExW(000000a0,7f9c248fec30 L"Environment",00000000,00020019,0022f3b0,) ret=7f9c248fbfbf | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_NCCALCSIZE,wp=00000000,lp=0023e880) retval=00000000 | |
| 000d:Call user32.DefWindowProcW(0001003e,00000001,00000000,0023f520,) ret=7f1c8202ae85 | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000000 ret=7f9c248fbfbf | |
| 0011:Call winex11.drv.WindowPosChanging(00010040,00000000,00000010,0023e860,0023e880,0023e6e0,0023e6d8,) ret=7fc24bb243bc | |
| 000d:Ret user32.DefWindowProcW() retval=00000000 ret=7f1c8202ae85 | |
| 000f:Call advapi32.RegEnumValueW(000000a4,00000000,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023e160,) ret=7fc24baf21c9 | |
| 000d:Ret window proc 0x7f1c8202ade0 (hwnd=0x1003e,msg=WM_CREATE,wp=00000000,lp=0023f520) retval=00000000 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023de40,) ret=7fc24baf1db7 | |
| 000d:Call winex11.drv.CreateWindow(0001003e,) ret=7f1c819dc4f2 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"TEMP",) ret=7f9c248fb689 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000d:Ret winex11.drv.CreateWindow() retval=00000001 ret=7f1c819dc4f2 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000008 ret=7f9c248fb689 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000d:Ret user32.CreateWindowExW() retval=0001003e ret=7f1c82029731 | |
| 000f:Call advapi32.RegQueryValueExW(000000a4,0022e2c0 L"TEMP",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e3d0,) ret=7fc24baf1db7 | |
| 000d:Ret ole32.CoInitialize() retval=00000000 ret=7f1c8278e567 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000d:Call KERNEL32.CreateSemaphoreA(00000000,00000001,00000001,7f1c82791c67 "winemenubuilder_semaphore",) ret=7f1c8278e6f5 | |
| 000f:Call advapi32.RegQueryValueExW(000000a4,0022e2c0 L"TEMP",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000d:Ret KERNEL32.CreateSemaphoreA() retval=00000068 ret=7f1c8278e6f5 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Call winex11.drv.WindowPosChanged(00010040,00000000,00000010,0023e860,0023e880,0023e6e0,00000000,7fc24be44e40,) ret=7fc24bb24831 | |
| 000d:Call user32.MsgWaitForMultipleObjects(00000001,0023fa70,00000000,ffffffff,000004ff,) ret=7f1c8278e720 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\users\\main\\Temp",) ret=7f9c248fb7cc | |
| 000d:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000002,0023f540,ffffffff,000004ff,00000000,) ret=7f1c819e7b2f | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000024 ret=7f9c248fb7cc | |
| 000d:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7f1c819e7b2f | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_CREATE,wp=00000000,lp=0023ea50) | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 000d:Ret user32.MsgWaitForMultipleObjects() retval=00000000 ret=7f1c8278e720 | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_CREATE,wp=00000000,lp=0023ea50) retval=00000000 | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00001000,) ret=7f1c82787a12 | |
| 0011:Call winex11.drv.CreateWindow(00010040,) ret=7fc24bb1f4f2 | |
| 000f:Call advapi32.RegEnumValueW(000000a4,00000001,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00049670 ret=7f1c82787a12 | |
| 0011:Ret winex11.drv.CreateWindow() retval=00000001 ret=7fc24bb1f4f2 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 000d:Call ntdll.RtlReAllocateHeap(00010000,00000000,00049670,0000001d,) ret=7f1c82787a97 | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_SIZE,wp=00000000,lp=00000000) | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"TMP",) ret=7f9c248fb689 | |
| 000d:Ret ntdll.RtlReAllocateHeap() retval=00049670 ret=7f1c82787a97 | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_SIZE,wp=00000000,lp=00000000) retval=00000000 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000006 ret=7f9c248fb689 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00001000,) ret=7f1c82787a12 | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_MOVE,wp=00000000,lp=00000000) | |
| 000f:Call advapi32.RegQueryValueExW(000000a4,0022e2c0 L"TMP",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000496a0 ret=7f1c82787a12 | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_MOVE,wp=00000000,lp=00000000) retval=00000000 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Ret user32.DdeNameService() retval=00000001 ret=7fc243bb0e5b | |
| 000d:Call ntdll.RtlReAllocateHeap(00010000,00000000,000496a0,00000026,) ret=7f1c82787a97 | |
| 000f:Call advapi32.RegQueryValueExW(000000a4,0022e2c0 L"TMP",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Call user32.DdeNameService(00000001,0000c002,00000000,00000001,) ret=7fc243bb0e76 | |
| 000d:Ret ntdll.RtlReAllocateHeap() retval=000496a0 ret=7f1c82787a97 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00001000,) ret=7f1c82787a12 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000496e0 ret=7f1c82787a12 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\users\\main\\Temp",) ret=7f9c248fb7cc | |
| 0011:Call winex11.drv.WindowPosChanging(00010042,00000000,00000014,0023e860,0023e860,0023e6e0,0023e6d8,) ret=7fc24bb243bc | |
| 000d:Call ntdll.RtlReAllocateHeap(00010000,00000000,000496e0,00000025,) ret=7f1c82787a97 | |
| 000d:Ret ntdll.RtlReAllocateHeap() retval=000496e0 ret=7f1c82787a97 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000024 ret=7f9c248fb7cc | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023d890,) ret=7fc24baf21c9 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003a,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023d570,) ret=7fc24baf1db7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000494b0 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00001000,) ret=7f1c82787a12 | |
| 000f:Call advapi32.RegEnumValueW(000000a4,00000002,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00049720 ret=7f1c82787a12 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000103 ret=7f9c248fb634 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023db00,) ret=7fc24baf1db7 | |
| 000d:Call ntdll.RtlReAllocateHeap(00010000,00000000,00049720,00000023,) ret=7f1c82787a97 | |
| 000f:Call advapi32.RegEnumValueW(000000a4,00000000,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000d:Ret ntdll.RtlReAllocateHeap() retval=00049720 ret=7f1c82787a97 | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00001000,) ret=7f1c82787be6 | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"TEMP",) ret=7f9c248fb689 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023e160,) ret=7fc24baf21c9 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00049760 ret=7f1c82787be6 | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000008 ret=7f9c248fb689 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023de40,) ret=7fc24baf1db7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call advapi32.RegQueryValueExW(000000a4,0022e2c0 L"TEMP",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000429a0 ret=7f1c82787ccc | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000027,) ret=7f1c8278790a | |
| 000f:Call advapi32.RegQueryValueExW(000000a4,0022e2c0 L"TEMP",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e3d0,) ret=7fc24baf1db7 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00042f60 ret=7f1c8278790a | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\users\\main\\Temp",) ret=7f9c248fb7cc | |
| 0011:Call winex11.drv.WindowPosChanged(00010042,00000000,00000034,0023e860,0023e860,0023e6e0,00000000,7fc24be44e40,) ret=7fc24bb24831 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00042fa0 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000024 ret=7f9c248fb7cc | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_NCCREATE,wp=00000000,lp=0023ea50) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004a770 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Call winex11.drv.SetWindowText(00010042,00048c60 L"",) ret=7fc24baab441 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call advapi32.RegEnumValueW(000000a4,00000001,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Ret winex11.drv.SetWindowText() retval=00000000 ret=7fc24baab441 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004a7a0 ret=7f1c82787ccc | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000000 ret=7f9c248fb634 | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_NCCREATE,wp=00000000,lp=0023ea50) retval=00000001 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001d,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2a0,0022e2c0 L"TMP",) ret=7f9c248fb689 | |
| 0011:Call imm32.__wine_register_window(00010042,) ret=7fc24bb1f3e1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004a7e0 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000006 ret=7f9c248fb689 | |
| 0011:Call user32.GetClassNameW(00010042,0023e690,00000008,) ret=7fc24a7395f8 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 000f:Call advapi32.RegQueryValueExW(000000a4,0022e2c0 L"TMP",00000000,0022e1f8,00000000,0022e1fc,) ret=7f9c248fb437 | |
| 0011:Ret user32.GetClassNameW() retval=00000007 ret=7fc24a7395f8 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004a810 ret=7f1c8278790a | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb437 | |
| 0011:Call user32.GetClassLongPtrW(00010042,ffffffe6,) ret=7fc24a7396b5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 000f:Call advapi32.RegQueryValueExW(000000a4,0022e2c0 L"TMP",00000000,00000000,0022eac0,0022e1ec,) ret=7f9c248fb4a2 | |
| 0011:Ret user32.GetClassLongPtrW() retval=00000000 ret=7fc24a7396b5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004a840 ret=7f1c8278790a | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c248fb4a2 | |
| 0011:Call user32.GetWindowThreadProcessId(00010042,0023e604,) ret=7fc24a7386b2 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004a870 ret=7f1c82787ccc | |
| 000f:Call ntdll.RtlInitUnicodeString(0022e2b0,0022eac0 L"C:\\users\\main\\Temp",) ret=7f9c248fb7cc | |
| 0011:Ret user32.GetWindowThreadProcessId() retval=00000011 ret=7fc24a7386b2 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlInitUnicodeString() retval=00000024 ret=7f9c248fb7cc | |
| 0011:Ret imm32.__wine_register_window() retval=00000001 ret=7fc24bb1f3e1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004a8b0 ret=7f1c8278790a | |
| 000f:Call ntdll.RtlSetEnvironmentVariable(0022f3a0,0022e2a0,0022e2b0,) ret=7f9c248fb7de | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_NCCALCSIZE,wp=00000000,lp=0023e880) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlSetEnvironmentVariable() retval=00000000 ret=7f9c248fb7de | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_NCCALCSIZE,wp=00000000,lp=0023e880) retval=00000000 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004a8f0 ret=7f1c8278790a | |
| 000f:Call advapi32.RegEnumValueW(000000a4,00000002,0022e2c0,0022e29c,00000000,00000000,00000000,00000000,) ret=7f9c248fb634 | |
| 0011:Call winex11.drv.WindowPosChanging(00010042,00000000,00000010,0023e860,0023e880,0023e6e0,0023e6d8,) ret=7fc24bb243bc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000f:Ret advapi32.RegEnumValueW() retval=00000103 ret=7f9c248fb634 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023e160,) ret=7fc24baf21c9 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004a920 ret=7f1c8278790a | |
| 000f:Call advapi32.RegCloseKey(000000a4,) ret=7f9c248fc5ad | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023de40,) ret=7fc24baf1db7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c248fc5ad | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004a950 ret=7f1c82787ccc | |
| 000f:Call advapi32.RegOpenKeyExW(000000a0,7f9c248fec00 L"Volatile Environment",00000000,00020019,0022f3b0,) ret=7f9c248fbfee | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 000f:Ret advapi32.RegOpenKeyExW() retval=00000002 ret=7f9c248fbfee | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e3d0,) ret=7fc24baf1db7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004a990 ret=7f1c8278790a | |
| 000f:Call advapi32.RegCloseKey(000000a0,) ret=7f9c248fc003 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Ret advapi32.RegCloseKey() retval=00000000 ret=7f9c248fc003 | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004a9c0 ret=7f1c8278790a | |
| 000f:Ret userenv.CreateEnvironmentBlock() retval=00000001 ret=7f9c251446d6 | |
| 0011:Call winex11.drv.WindowPosChanged(00010042,00000000,00000010,0023e860,0023e880,0023e6e0,00000000,7fc24be44e40,) ret=7fc24bb24831 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.CloseHandle(00000098,) ret=7f9c251446e0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004a9f0 ret=7f1c8278790a | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c251446e0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_CREATE,wp=00000000,lp=0023ea50) | |
| 000f:Call KERNEL32.ResetEvent(00000030,) ret=7f9c25143e85 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004aa20 ret=7f1c82787ccc | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_CREATE,wp=00000000,lp=0023ea50) retval=00000000 | |
| 000f:Ret KERNEL32.ResetEvent() retval=00000001 ret=7f9c25143e85 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002b,) ret=7f1c8278790a | |
| 0011:Call winex11.drv.CreateWindow(00010042,) ret=7fc24bb1f4f2 | |
| 000f:Call KERNEL32.CreateProcessW(00000000,00022100 L"C:\\windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe",00000000,00000000,00000000,00000400,00350000,00000000,0023f870,0023f850,) ret=7f9c25143f02 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004aa60 ret=7f1c8278790a | |
| 0011:Ret winex11.drv.CreateWindow() retval=00000001 ret=7fc24bb1f4f2 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_SIZE,wp=00000000,lp=00000000) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004aaa0 ret=7f1c8278790a | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_SIZE,wp=00000000,lp=00000000) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_MOVE,wp=00000000,lp=00000000) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004aad0 ret=7f1c8278790a | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_MOVE,wp=00000000,lp=00000000) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ab00 ret=7f1c82787ccc | |
| 0011:Ret user32.DdeNameService() retval=00000001 ret=7fc243bb0e76 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 0011:Ret shell32.188() retval=00000001 ret=7fc24c4ded35 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ab40 ret=7f1c8278790a | |
| 0011:Call KERNEL32.LoadLibraryA(7fc24c6f2595 "shell32.dll",) ret=7fc24c4e4911 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.LoadLibraryA() retval=7fc243b90000 ret=7fc24c4e4911 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ab70 ret=7f1c8278790a | |
| 0011:Call KERNEL32.GetProcAddress(7fc243b90000,7fc24c6f25f7 "SHGetDesktopFolder",) ret=7fc24c4e48ee | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.GetProcAddress() retval=7fc243b9a8b4 ret=7fc24c4e48ee | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004aba0 ret=7f1c8278790a | |
| 0011:Call shell32.SHGetDesktopFolder(0023ef70,) ret=7fc24c4dee16 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call advapi32.RegCreateKeyW(ffffffff80000001,7fc243c52580 L"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",0023dd58,) ret=7fc243bf9b00 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004abd0 ret=7f1c82787ccc | |
| 0011:Ret advapi32.RegCreateKeyW() retval=00000000 ret=7fc243bf9b00 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000021,) ret=7f1c8278790a | |
| 0011:Call advapi32.RegCreateKeyW(ffffffff80000001,7fc243c524e0 L"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",0023dd50,) ret=7fc243bf9b94 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ac10 ret=7f1c8278790a | |
| 0011:Ret advapi32.RegCreateKeyW() retval=00000000 ret=7fc243bf9b94 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call advapi32.RegQueryValueExW(0000006c,7fc243c54110 L"Desktop",00000000,0023dd48,0023e710,0023dd4c,) ret=7fc243bf9bcd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ac50 ret=7f1c8278790a | |
| 0011:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7fc243bf9bcd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call advapi32.RegCreateKeyExW(ffffffff80000002,7fc243c52680 L"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",00000000,00000000,00000000,000f003f,00000000,0023d4b0,0023d4b8,) ret=7fc243bf92a3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ac80 ret=7f1c8278790a | |
| 0011:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7fc243bf92a3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call KERNEL32.GetSystemDirectoryW(0023daf0,00000104,) ret=7fc243bf97d2 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004acb0 ret=7f1c82787ccc | |
| 0011:Ret KERNEL32.GetSystemDirectoryW() retval=00000013 ret=7fc243bf97d2 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f1c8278790a | |
| 0011:Call advapi32.RegQueryValueExW(00000070,7fc243c52640 L"ProfilesDirectory",00000000,0023d440,0023d6d0,0023d444,) ret=7fc243bf898c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004acf0 ret=7f1c8278790a | |
| 0011:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7fc243bf898c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call advapi32.GetUserNameW(0023daf0,0023d4b8,) ret=7fc243bf94db | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ad20 ret=7f1c8278790a | |
| 0011:Ret advapi32.GetUserNameW() retval=00000001 ret=7fc243bf94db | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call shlwapi.PathAppendW(0023e180 L"C:\\users",0023daf0 L"main",) ret=7fc243bf94e6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ad50 ret=7f1c8278790a | |
| 0011:Ret shlwapi.PathAppendW() retval=00000001 ret=7fc243bf94e6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call shlwapi.PathAppendW(0023e180 L"C:\\users\\main",0023d4da L"\\Desktop",) ret=7fc243bf9535 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ad80 ret=7f1c82787ccc | |
| 0011:Ret shlwapi.PathAppendW() retval=00000001 ret=7fc243bf9535 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7f1c8278790a | |
| 0011:Call advapi32.RegCloseKey(00000070,) ret=7fc243bf919a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004adc0 ret=7f1c8278790a | |
| 0011:Ret advapi32.RegCloseKey() retval=00000000 ret=7fc243bf919a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Call advapi32.RegSetValueExW(00000068,7fc243c54110 L"Desktop",00000000,00000001,0023e710,0000002c,) ret=7fc243bf9c40 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ae00 ret=7f1c8278790a | |
| 0011:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fc243bf9c40 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Call advapi32.RegCloseKey(00000068,) ret=7fc243bf9c6e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ae30 ret=7f1c8278790a | |
| 0011:Ret advapi32.RegCloseKey() retval=00000000 ret=7fc243bf9c6e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call advapi32.RegCloseKey(0000006c,) ret=7fc243bf9c78 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ae60 ret=7f1c82787ccc | |
| 0011:Ret advapi32.RegCloseKey() retval=00000000 ret=7fc243bf9c78 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000021,) ret=7f1c8278790a | |
| 0011:Call shlwapi.PathFileExistsW(0023e500 L"C:\\users\\main\\Desktop",) ret=7fc243bff017 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004aea0 ret=7f1c8278790a | |
| 0011:Call KERNEL32.SetErrorMode(00000001,) ret=7fc2481d103f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.SetErrorMode() retval=00000000 ret=7fc2481d103f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004aee0 ret=7f1c8278790a | |
| 0011:Call KERNEL32.GetFileAttributesW(0023e500 L"C:\\users\\main\\Desktop",) ret=7fc2481d1049 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.GetFileAttributesW() retval=00000410 ret=7fc2481d1049 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004af10 ret=7f1c8278790a | |
| 0011:Call KERNEL32.SetErrorMode(00000000,) ret=7fc2481d1052 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret KERNEL32.SetErrorMode() retval=00000001 ret=7fc2481d1052 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004af40 ret=7f1c82787ccc | |
| 0011:Ret shlwapi.PathFileExistsW() retval=00000001 ret=7fc243bff017 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.LocalAlloc(00000040,00000030,) ret=7fc243c07f28 | |
| 0015:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError" | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004af80 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.LocalAlloc() retval=00048c90 ret=7fc243c07f28 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0015:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32" | |
| 0011:Call KERNEL32.LoadLibraryA(7fc243e9e470 "ole32.dll",) ret=7fc243c40e71 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004afb0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004afe0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b010 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000021,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b050 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b090 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b0c0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b0f0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000021,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b130 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call PE DLL (proc=0x7fc2438f1a40,module=0x7fc243800000 L"ole32.dll",reason=PROCESS_ATTACH,res=(nil)) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b170 ret=7f1c8278790a | |
| 0011:Ret PE DLL (proc=0x7fc2438f1a40,module=0x7fc243800000 L"ole32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.LoadLibraryA() retval=7fc243800000 ret=7fc243c40e71 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b1a0 ret=7f1c8278790a | |
| 0011:Call KERNEL32.GetProcAddress(7fc243800000,7fc243e9e508 "CoTaskMemAlloc",) ret=7fc243c40e4e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret KERNEL32.GetProcAddress() retval=7fc243803004 ret=7fc243c40e4e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b1d0 ret=7f1c82787ccc | |
| 0011:Call ole32.CoTaskMemAlloc(00000002,) ret=7fc243bf0bdc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000021,) ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000002,) ret=7fc24383e91d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b210 ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=00048cd0 ret=7fc24383e91d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret ole32.CoTaskMemAlloc() retval=00048cd0 ret=7fc243bf0bdc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b250 ret=7f1c8278790a | |
| 0011:Call ole32.CoTaskMemAlloc(0000002c,) ret=7fc243bf0bdc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7fc24383e91d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b280 ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=00048d00 ret=7fc24383e91d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret ole32.CoTaskMemAlloc() retval=00048d00 ret=7fc243bf0bdc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b2b0 ret=7f1c82787ccc | |
| 0011:Ret shell32.SHGetDesktopFolder() retval=00000000 ret=7fc24c4dee16 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000011,) ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,000000f0,) ret=7fc243c3a936 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b2f0 ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004a1e0 ret=7fc243c3a936 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.LoadLibraryA(7fc24c6f25ae "ole32.dll",) ret=7fc24c4e4911 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b320 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.LoadLibraryA() retval=7fc243800000 ret=7fc24c4e4911 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.GetProcAddress(7fc243800000,7fc24c6f26c1 "CoInitialize",) ret=7fc24c4e48ee | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b350 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.GetProcAddress() retval=7fc243802cac ret=7fc24c4e48ee | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call ole32.CoInitialize(00000000,) ret=7fc24c4dee4c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b380 ret=7f1c82787ccc | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,00000120,) ret=7fc243819f45 | |
| 0015:Call KERNEL32.__wine_kernel_init() ret=7bc58855 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000021,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004a2e0 ret=7fc243819f45 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b3c0 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000048,) ret=7fc24384b805 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=00048d40 ret=7fc24384b805 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b400 ret=7f1c8278790a | |
| 0011:Call KERNEL32.InitializeCriticalSection(00048d60,) ret=7fc24384b842 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fc24384b842 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b430 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,000000c8,) ret=7fc2438155f6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004a410 ret=7fc2438155f6 | |
| 0011:Call KERNEL32.InitializeCriticalSection(0004a440,) ret=7fc24381565a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b460 ret=7f1c82787ccc | |
| 0011:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fc24381565a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.InitOnceExecuteOnce(7fc243b707d0,7fc243814e10,00000000,00000000,) ret=7fc243816701 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b4a0 ret=7f1c8278790a | |
| 0011:Call user32.RegisterClassW(0023eb00,) ret=7fc243814eb4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Ret user32.RegisterClassW() retval=0000c023 ret=7fc243814eb4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b4d0 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.InitOnceExecuteOnce() retval=00000001 ret=7fc243816701 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Call user32.CreateWindowExW(00000000,7fc2438f6920 L"OleMainThreadWndClass",00000000,00000000,00000000,00000000,00000000,00000000,fffffffffffffffd,00000000,7fc243800000,00000000,) ret=7fc243816731 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b500 ret=7f1c8278790a | |
| 0011:Call winex11.drv.SystemParametersInfo(00000029,00000000,0023e1b0,00000000,) ret=7fc24bb0ad7f | |
| 000d:Call ntdll.RtlFreeHeap(00010000,00000000,00049760,) ret=7f1c82787d9d | |
| 0011:Ret winex11.drv.SystemParametersInfo() retval=00000000 ret=7fc24bb0ad7f | |
| 000d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f1c82787d9d | |
| 000d:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f1c82787c44 | |
| 0011:Call winex11.drv.SystemParametersInfo(00000029,00000000,0023db50,00000000,) ret=7fc24bb0ad7f | |
| 000d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f1c82787c44 | |
| 0011:Ret winex11.drv.SystemParametersInfo() retval=00000000 ret=7fc24bb0ad7f | |
| 000d:Call ntdll.RtlFreeHeap(00010000,00000000,00049720,) ret=7f1c82787c6d | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24bb075c0,0023e120,) ret=7fc24baf21c9 | |
| 000d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f1c82787c6d | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00001000,) ret=7f1c82787a12 | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24bb075c0,0023e120,) ret=7fc24baf21c9 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00049720 ret=7f1c82787a12 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000d:Call ntdll.RtlReAllocateHeap(00010000,00000000,00049720,0000001c,) ret=7f1c82787a97 | |
| 0011:Call window proc 0x7fc243817de0 (hwnd=0x10044,msg=WM_GETMINMAXINFO,wp=00000000,lp=0023e810) | |
| 000d:Ret ntdll.RtlReAllocateHeap() retval=00049720 ret=7f1c82787a97 | |
| 000f:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7f9c25143f02 | |
| 0011:Call user32.DefWindowProcW(00010044,00000024,00000000,0023e810,) ret=7fc243817e85 | |
| 000d:Call ntdll.RtlFreeHeap(00010000,00000000,00049720,) ret=7f1c82787c6d | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00022100,) ret=7f9c25143f1f | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc243817e85 | |
| 000d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f1c82787c6d | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143f1f | |
| 0011:Ret window proc 0x7fc243817de0 (hwnd=0x10044,msg=WM_GETMINMAXINFO,wp=00000000,lp=0023e810) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00001000,) ret=7f1c82787a12 | |
| 000f:Call KERNEL32.CloseHandle(000000a8,) ret=7f9c25143f4d | |
| 0011:Call winex11.drv.EnumDisplayMonitors(00000000,00000000,7fc24baf1e90,0023e560,) ret=7fc24baf21c9 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00049720 ret=7f1c82787a12 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c25143f4d | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e240,) ret=7fc24baf1db7 | |
| 000d:Call ntdll.RtlReAllocateHeap(00010000,00000000,00049720,0000001d,) ret=7f1c82787a97 | |
| 000f:Call KERNEL32.ConnectNamedPipe(00000094,0023fb50,) ret=7f9c251449c6 | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000d:Ret ntdll.RtlReAllocateHeap() retval=00049720 ret=7f1c82787a97 | |
| 000f:Ret KERNEL32.ConnectNamedPipe() retval=00000000 ret=7f9c251449c6 | |
| 0011:Ret winex11.drv.EnumDisplayMonitors() retval=00000001 ret=7fc24baf21c9 | |
| 000d:Call ntdll.RtlFreeHeap(00010000,00000000,00049720,) ret=7f1c82787c6d | |
| 000f:Call KERNEL32.WaitForMultipleObjects(00000002,0023fb70,00000000,00002710,) ret=7f9c25144d42 | |
| 0011:Call winex11.drv.GetMonitorInfo(00000001,0023e840,) ret=7fc24baf1db7 | |
| 000d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f1c82787c6d | |
| 0011:Ret winex11.drv.GetMonitorInfo() retval=00000001 ret=7fc24baf1db7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00001000,) ret=7f1c82787a12 | |
| 0011:Call winex11.drv.WindowPosChanging(00010044,00000000,00000014,0023e900,0023e900,0023e780,0023e778,) ret=7fc24bb243bc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00049720 ret=7f1c82787a12 | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000d:Call ntdll.RtlReAllocateHeap(00010000,00000000,00049720,00000017,) ret=7f1c82787a97 | |
| 0011:Call winex11.drv.WindowPosChanged(00010044,00000000,00000014,0023e900,0023e900,0023e780,00000000,00000000,) ret=7fc24bb24831 | |
| 000d:Ret ntdll.RtlReAllocateHeap() retval=00049720 ret=7f1c82787a97 | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00001000,) ret=7f1c82787be6 | |
| 0011:Call window proc 0x7fc243817de0 (hwnd=0x10044,msg=WM_NCCREATE,wp=00000000,lp=0023eaf0) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00049750 ret=7f1c82787be6 | |
| 0011:Call user32.DefWindowProcW(00010044,00000081,00000000,0023eaf0,) ret=7fc243817e85 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call winex11.drv.SetWindowText(00010044,0004a8e0 L"",) ret=7fc24baab441 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b530 ret=7f1c82787ccc | |
| 0011:Ret winex11.drv.SetWindowText() retval=00000000 ret=7fc24baab441 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 0011:Ret user32.DefWindowProcW() retval=00000001 ret=7fc243817e85 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b570 ret=7f1c8278790a | |
| 0011:Ret window proc 0x7fc243817de0 (hwnd=0x10044,msg=WM_NCCREATE,wp=00000000,lp=0023eaf0) retval=00000001 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc243817de0 (hwnd=0x10044,msg=WM_NCCALCSIZE,wp=00000000,lp=0023e920) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b5a0 ret=7f1c8278790a | |
| 0011:Call user32.DefWindowProcW(00010044,00000083,00000000,0023e920,) ret=7fc243817e85 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call winex11.drv.SystemParametersInfo(00000029,00000000,0023db20,00000000,) ret=7fc24bb0ad7f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b5d0 ret=7f1c8278790a | |
| 0011:Ret winex11.drv.SystemParametersInfo() retval=00000000 ret=7fc24bb0ad7f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc243817e85 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b600 ret=7f1c82787ccc | |
| 0011:Ret window proc 0x7fc243817de0 (hwnd=0x10044,msg=WM_NCCALCSIZE,wp=00000000,lp=0023e920) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 0011:Call winex11.drv.WindowPosChanging(00010044,00000000,00000010,0023e900,0023e920,0023e780,0023e778,) ret=7fc24bb243bc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b640 ret=7f1c8278790a | |
| 0011:Ret winex11.drv.WindowPosChanging() retval=00000000 ret=7fc24bb243bc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call winex11.drv.WindowPosChanged(00010044,00000000,00000010,0023e900,0023e920,0023e780,00000000,00000000,) ret=7fc24bb24831 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b670 ret=7f1c8278790a | |
| 0011:Ret winex11.drv.WindowPosChanged() retval=00000000 ret=7fc24bb24831 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc243817de0 (hwnd=0x10044,msg=WM_CREATE,wp=00000000,lp=0023eaf0) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b6a0 ret=7f1c8278790a | |
| 0011:Call user32.DefWindowProcW(00010044,00000001,00000000,0023eaf0,) ret=7fc243817e85 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc243817e85 | |
| 0011:Ret window proc 0x7fc243817de0 (hwnd=0x10044,msg=WM_CREATE,wp=00000000,lp=0023eaf0) retval=00000000 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b6d0 ret=7f1c82787ccc | |
| 0011:Call winex11.drv.CreateWindow(00010044,) ret=7fc24bb1f4f2 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 0011:Ret winex11.drv.CreateWindow() retval=00000001 ret=7fc24bb1f4f2 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b710 ret=7f1c8278790a | |
| 0011:Ret user32.CreateWindowExW() retval=00010044 ret=7fc243816731 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0011:Ret ole32.CoInitialize() retval=00000000 ret=7fc24c4dee4c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b740 ret=7f1c8278790a | |
| 0011:Call KERNEL32.GetProcAddress(7fc243800000,7fc24c6f26ce "CoRegisterClassObject",) ret=7fc24c4e48ee | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.GetProcAddress() retval=7fc243802e50 ret=7fc24c4e48ee | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b770 ret=7f1c8278790a | |
| 0011:Call ole32.CoRegisterClassObject(7fc24c4e8820,7fc24c6f3bb0,00000004,00000001,7fc24c6f3bb8,) ret=7fc24c4dee86 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000048,) ret=7fc24381cd6e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b7a0 ret=7f1c82787ccc | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004a910 ret=7fc24381cd6e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7fc24381d0ee | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b7e0 ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004a970 ret=7fc24381d0ee | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000030,) ret=7fc24383dfad | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b810 ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004a9a0 ret=7fc24383dfad | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.GlobalAlloc(00002022,00000000,) ret=7fc24383e00c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b840 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.GlobalAlloc() retval=0004a9e2 ret=7fc24383e00c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call KERNEL32.GlobalSize(0004a9e2,) ret=7fc24383dfea | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b870 ret=7f1c82787ccc | |
| 0011:Ret KERNEL32.GlobalSize() retval=00000000 ret=7fc24383dfea | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fc2438433f2 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b8b0 ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004aa10 ret=7fc2438433f2 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.GlobalReAlloc(0004a9e2,00000018,00000000,) ret=7fc24383d9ca | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b8e0 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.GlobalReAlloc() retval=0004a9e2 ret=7fc24383d9ca | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.GlobalLock(0004a9e2,) ret=7fc24383db36 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b910 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.GlobalLock() retval=0004aa50 ret=7fc24383db36 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call KERNEL32.GlobalUnlock(0004a9e2,) ret=7fc24383db61 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b940 ret=7f1c82787ccc | |
| 0011:Ret KERNEL32.GlobalUnlock() retval=00000000 ret=7fc24383db61 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 0011:Call rpcrt4.RpcServerUseProtseqEpW(7fc243b705a0 L"ncalrpc",0000000a,0023e850 L"\\pipe\\OLE_0000001000000011",00000000,) ret=7fc24385f018 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b980 ret=7f1c8278790a | |
| 0011:Call KERNEL32.WideCharToMultiByte(00000000,00000000,7fc243b705a0 L"ncalrpc",ffffffff,00000000,00000000,00000000,00000000,) ret=7fc24c16d4ea | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.WideCharToMultiByte() retval=00000008 ret=7fc24c16d4ea | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b9b0 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7fc24c16d508 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004aa80 ret=7fc24c16d508 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004b9e0 ret=7f1c8278790a | |
| 0011:Call KERNEL32.WideCharToMultiByte(00000000,00000000,7fc243b705a0 L"ncalrpc",ffffffff,0004aa80,00000008,00000000,00000000,) ret=7fc24c16d52c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret KERNEL32.WideCharToMultiByte() retval=00000008 ret=7fc24c16d52c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ba10 ret=7f1c82787ccc | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,00000090,) ret=7fc24c17fcd2 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004aab0 ret=7fc24c17fcd2 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ba50 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7fc24c16d498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004ab50 ret=7fc24c16d498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ba80 ret=7f1c8278790a | |
| 0011:Call KERNEL32.InitializeCriticalSection(0004aaf8,) ret=7fc24c179e4c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fc24c179e4c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bab0 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlFreeHeap(00010000,00000000,0004aa80,) ret=7fc24c16dc2b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fc24c16dc2b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bae0 ret=7f1c82787ccc | |
| 0011:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0023e850 L"\\pipe\\OLE_0000001000000011",ffffffff,00000000,00000000,00000000,00000000,) ret=7fc24c16d4ea | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.WideCharToMultiByte() retval=0000001b ret=7fc24c16d4ea | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bb20 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001b,) ret=7fc24c16d508 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004aa80 ret=7fc24c16d508 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bb50 ret=7f1c8278790a | |
| 0011:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0023e850 L"\\pipe\\OLE_0000001000000011",ffffffff,0004aa80,0000001b,00000000,00000000,) ret=7fc24c16d52c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.WideCharToMultiByte() retval=0000001b ret=7fc24c16d52c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bb80 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,00000118,) ret=7fc24c17f921 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004abc0 ret=7fc24c17f921 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bbb0 ret=7f1c82787ccc | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001b,) ret=7fc24c16d498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004acf0 ret=7fc24c16d498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bbf0 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000029,) ret=7fc24c189de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004ad20 ret=7fc24c189de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bc20 ret=7f1c8278790a | |
| 0011:Call KERNEL32.CreateNamedPipeA(0004ad20 "\\\\.\\pipe\\lrpc\\\\pipe\\OLE_0000001000000011",40000003,00000006,000000ff,000016d0,000016d0,00001388,00000000,) ret=7fc24c180edf | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.CreateNamedPipeA() retval=0000006c ret=7fc24c180edf | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bc50 ret=7f1c8278790a | |
| 0015:err:module:import_dll Library mscoree.dll (which is needed by L"C:\\windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe") not found | |
| 0011:Call ntdll.RtlFreeHeap(00010000,00000000,0004aa80,) ret=7fc24c16dc2b | |
| 0011:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fc24c16dc2b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret rpcrt4.RpcServerUseProtseqEpW() retval=00000000 ret=7fc24385f018 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bc80 ret=7f1c82787ccc | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7fc24387a696 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004aa80 ret=7fc24387a696 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bcc0 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,000000b0,) ret=7fc24387991d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004ad60 ret=7fc24387991d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bcf0 ret=7f1c8278790a | |
| 0011:Call KERNEL32.InitializeCriticalSection(0004ad80,) ret=7fc243879946 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fc243879946 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bd20 ret=7f1c8278790a | |
| 0011:Call KERNEL32.FindActCtxSectionGuid(00000000,00000000,00000005,7fc2438f6a30,0023e560,) ret=7fc24381b524 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret KERNEL32.FindActCtxSectionGuid() retval=00000000 ret=7fc24381b524 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bd50 ret=7f1c82787ccc | |
| 0011:Call ntdll.RtlInitUnicodeString(0023e3a0,7fc2438f6960 L"\\Registry\\Machine\\Software\\Classes",) ret=7fc243815d7d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlInitUnicodeString() retval=00000044 ret=7fc243815d7d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bd90 ret=7f1c8278790a | |
| 0011:Call ntdll.NtCreateKey(0023e398,02000000,0023e3b0,00000000,00000000,00000000,00000000,) ret=7fc243815b02 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret ntdll.NtCreateKey() retval=00000000 ret=7fc243815b02 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bdc0 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlInitUnicodeString(0023e420,0023e5d0 L"Interface\\{00000131-0000-0000-C000-000000000046}\\ProxyStubClsid32",) ret=7fc24381822b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlInitUnicodeString() retval=00000082 ret=7fc24381822b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bdf0 ret=7f1c8278790a | |
| 0011:Call ntdll.NtOpenKey(0023e4a8,00020019,0023e430,) ret=7fc24381823a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret ntdll.NtOpenKey() retval=00000000 ret=7fc24381823a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004be20 ret=7f1c82787ccc | |
| 0011:Call ntdll.RtlNtStatusToDosError(00000000,) ret=7fc243818241 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlNtStatusToDosError() retval=00000000 ret=7fc243818241 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004be60 ret=7f1c8278790a | |
| 0011:Call advapi32.RegQueryValueExW(00000074,00000000,00000000,00000000,0023e4b0,0023e4a4,) ret=7fc24381a8d3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7fc24381a8d3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004be90 ret=7f1c8278790a | |
| 0011:Call advapi32.RegCloseKey(00000074,) ret=7fc24381a8e9 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Ret advapi32.RegCloseKey() retval=00000000 ret=7fc24381a8e9 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bec0 ret=7f1c8278790a | |
| 0011:Call KERNEL32.FindActCtxSectionGuid(00000001,00000000,00000004,0023e780,0023e5c0,) ret=7fc24381beaf | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret KERNEL32.FindActCtxSectionGuid() retval=00000000 ret=7fc24381beaf | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bef0 ret=7f1c82787ccc | |
| 0011:Call ntdll.RtlInitUnicodeString(0023e420,0023e4b0 L"CLSID\\{00000320-0000-0000-C000-000000000046}",) ret=7fc24381822b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlInitUnicodeString() retval=00000058 ret=7fc24381822b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bf30 ret=7f1c8278790a | |
| 0011:Call ntdll.NtOpenKey(0023e4a8,00020019,0023e430,) ret=7fc24381823a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret ntdll.NtOpenKey() retval=00000000 ret=7fc24381823a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bf60 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlNtStatusToDosError(00000000,) ret=7fc243818241 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlNtStatusToDosError() retval=00000000 ret=7fc243818241 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bf90 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlInitUnicodeString(0023e420,7fc2438f62c0 L"InprocServer32",) ret=7fc24381822b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret ntdll.RtlInitUnicodeString() retval=0000001c ret=7fc24381822b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004bfc0 ret=7f1c82787ccc | |
| 0011:Call ntdll.NtOpenKey(0023e5c0,00020019,0023e430,) ret=7fc24381823a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 0011:Ret ntdll.NtOpenKey() retval=00000000 ret=7fc24381823a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c000 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlNtStatusToDosError(00000000,) ret=7fc243818241 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlNtStatusToDosError() retval=00000000 ret=7fc243818241 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c030 ret=7f1c8278790a | |
| 0011:Call advapi32.RegCloseKey(00000074,) ret=7fc24381acdd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 0011:Ret advapi32.RegCloseKey() retval=00000000 ret=7fc24381acdd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c060 ret=7f1c8278790a | |
| 0011:Call advapi32.RegQueryValueExW(00000078,00000000,00000000,0023e058,0023e060,0023e05c,) ret=7fc243816a5d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7fc243816a5d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c090 ret=7f1c82787ccc | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7fc243815156 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004ae60 ret=7fc243815156 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c0d0 ret=7f1c8278790a | |
| 0011:Call KERNEL32.LoadLibraryExW(0023e2f0 L"C:\\windows\\system32\\ole32.dll",00000000,00000008,) ret=7fc2438152fa | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.LoadLibraryExW() retval=7fc243800000 ret=7fc2438152fa | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c100 ret=7f1c8278790a | |
| 0011:Call KERNEL32.GetProcAddress(7fc243800000,7fc2438f49ca "DllCanUnloadNow",) ret=7fc243815321 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.GetProcAddress() retval=00000000 ret=7fc243815321 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c130 ret=7f1c8278790a | |
| 0011:Call KERNEL32.GetProcAddress(7fc243800000,7fc2438f49da "DllGetClassObject",) ret=7fc243815337 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret KERNEL32.GetProcAddress() retval=7fc24380326c ret=7fc243815337 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c160 ret=7f1c82787ccc | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7fc243815413 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004ae90 ret=7fc243815413 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c1a0 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003c,) ret=7fc243815455 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004aee0 ret=7fc243815455 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c1d0 ret=7f1c8278790a | |
| 0011:Call ole32.DllGetClassObject(0023e780,7fc24390a630,0023e778,) ret=7fc2438150f6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0011:Call rpcrt4.NdrDllGetClassObject(0023e780,7fc24390a630,0023e778,7fc243b70740,7fc2438f6a40,7fc243b70860,) ret=7fc243886270 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c200 ret=7f1c8278790a | |
| 0011:Ret rpcrt4.NdrDllGetClassObject() retval=00000000 ret=7fc243886270 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret ole32.DllGetClassObject() retval=00000000 ret=7fc2438150f6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c230 ret=7f1c82787ccc | |
| 0011:Call advapi32.RegCloseKey(00000078,) ret=7fc24381c35c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 0011:Ret advapi32.RegCloseKey() retval=00000000 ret=7fc24381c35c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c270 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,00000030,) ret=7fc24c14b0a3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004af30 ret=7fc24c14b0a3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c2a0 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7fc24387900f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004af70 ret=7fc24387900f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c2d0 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fc24385ddfb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004afd0 ret=7fc24385ddfb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c300 ret=7f1c82787ccc | |
| 0011:Call rpcrt4.CStdStubBuffer_AddRef(0004af30,) ret=7fc24387906e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7f1c8278790a | |
| 0011:Ret rpcrt4.CStdStubBuffer_AddRef() retval=00000002 ret=7fc24387906e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c340 ret=7f1c8278790a | |
| 0011:Call rpcrt4.NdrCStdStubBuffer_Release(0004af30,7fc243b70860,) ret=7fc2438862b8 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret rpcrt4.NdrCStdStubBuffer_Release() retval=00000001 ret=7fc2438862b8 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c380 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,00000078,) ret=7fc24385ec6e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004b000 ret=7fc24385ec6e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c3b0 ret=7f1c8278790a | |
| 0011:Call rpcrt4.RpcServerRegisterIfEx(0004b018,00000000,00000000,00000003,000004d2,00000000,) ret=7fc24385ecc0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,00000060,) ret=7fc24c17c7ee | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c3e0 ret=7f1c82787ccc | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004b090 ret=7fc24c17c7ee | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.CreateMutexW(00000000,00000000,00000000,) ret=7fc24c179fd0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c420 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.CreateMutexW() retval=00000074 ret=7fc24c179fd0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c450 ret=7f1c8278790a | |
| 0011:Call KERNEL32.CreateThread(00000000,00000000,7fc24c179870,0004aab0,00000000,00000000,) ret=7fc24c179f8c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c480 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c4b0 ret=7f1c82787ccc | |
| 0011:Ret KERNEL32.CreateThread() retval=0000007c ret=7fc24c179f8c | |
| 0016:Call PE DLL (proc=0x7fc24c18cc70,module=0x7fc24c140000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.WaitForSingleObject(00000074,ffffffff,) ret=7fc24c179bf6 | |
| 0016:Ret PE DLL (proc=0x7fc24c18cc70,module=0x7fc24c140000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c4f0 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7fc24c179bf6 | |
| 0016:Call PE DLL (proc=0x7fc24bb31370,module=0x7fc24ba80000 L"user32.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.SetEvent(00000068,) ret=7fc24c17fb70 | |
| 0016:Ret PE DLL (proc=0x7fc24bb31370,module=0x7fc24ba80000 L"user32.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c520 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.SetEvent() retval=00000001 ret=7fc24c17fb70 | |
| 0016:Call PE DLL (proc=0x7fc24a742ea0,module=0x7fc24a730000 L"imm32.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.WaitForSingleObject(00000078,ffffffff,) ret=7fc24c179c18 | |
| 0016:Ret PE DLL (proc=0x7fc24a742ea0,module=0x7fc24a730000 L"imm32.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c550 ret=7f1c8278790a | |
| 0016:Call PE DLL (proc=0x7fc2438f1a40,module=0x7fc243800000 L"ole32.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0016:Ret PE DLL (proc=0x7fc2438f1a40,module=0x7fc243800000 L"ole32.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c580 ret=7f1c82787ccc | |
| 0016:Starting thread proc 0x7fc24c179870 (arg=0x4aab0) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001d,) ret=7f1c8278790a | |
| 0016:Call ntdll.NtFsControlFile(0000006c,00000080,00000000,00000000,0004acb8,00110008,00000000,00000000,00000000,00000000,) ret=7fc24c18105a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c5c0 ret=7f1c8278790a | |
| 0016:Ret ntdll.NtFsControlFile() retval=00000103 ret=7fc24c18105a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 0016:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7fc24c1811cb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c5f0 ret=7f1c8278790a | |
| 0016:Ret ntdll.RtlAllocateHeap() retval=0004b140 ret=7fc24c1811cb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 0016:Call KERNEL32.WaitForMultipleObjectsEx(00000002,0004b140,00000000,ffffffff,00000001,) ret=7fc24c186763 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c620 ret=7f1c8278790a | |
| 0016:Ret KERNEL32.WaitForMultipleObjectsEx() retval=00000000 ret=7fc24c186763 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0016:Call ntdll.RtlReAllocateHeap(00010000,00000000,0004b140,00000010,) ret=7fc24c1810fc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c650 ret=7f1c82787ccc | |
| 0016:Ret ntdll.RtlReAllocateHeap() retval=0004b140 ret=7fc24c1810fc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 0016:Call KERNEL32.SetEvent(00000078,) ret=7fc24c179954 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c690 ret=7f1c8278790a | |
| 0016:Ret KERNEL32.SetEvent() retval=00000001 ret=7fc24c179954 | |
| 0011:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7fc24c179c18 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0016:Call KERNEL32.WaitForMultipleObjectsEx(00000002,0004b140,00000000,ffffffff,00000001,) ret=7fc24c186763 | |
| 0011:Call KERNEL32.ReleaseMutex(00000074,) ret=7fc24c179c21 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c6c0 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.ReleaseMutex() retval=00000001 ret=7fc24c179c21 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Ret rpcrt4.RpcServerRegisterIfEx() retval=00000000 ret=7fc24385ecc0 | |
| 0015:err:module:attach_dlls Importing dlls for L"C:\\windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe" failed, status c0000135 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c6f0 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,000000b0,) ret=7fc24387991d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004b170 ret=7fc24387991d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c720 ret=7f1c82787ccc | |
| 0011:Call KERNEL32.InitializeCriticalSection(0004b190,) ret=7fc243879946 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fc243879946 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c760 ret=7f1c8278790a | |
| 0011:Call KERNEL32.FindActCtxSectionGuid(00000000,00000000,00000005,7fc24390a130,0023e780,) ret=7fc24381b524 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.FindActCtxSectionGuid() retval=00000000 ret=7fc24381b524 | |
| 000f:Ret KERNEL32.WaitForMultipleObjects() retval=00000001 ret=7f9c25144d42 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c790 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlInitUnicodeString(0023e640,0023e7f0 L"Interface\\{6D5140C1-7436-11CE-8034-00AA006009FA}\\ProxyStubClsid32",) ret=7fc24381822b | |
| 000f:Call KERNEL32.CancelIo(00000094,) ret=7f9c25144de3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c7c0 ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlInitUnicodeString() retval=00000082 ret=7fc24381822b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.CancelIo() retval=00000001 ret=7f9c25144de3 | |
| 0011:Call ntdll.NtOpenKey(0023e6c8,00020019,0023e650,) ret=7fc24381823a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c7f0 ret=7f1c82787ccc | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000040,) ret=7f9c25144aa0 | |
| 0011:Ret ntdll.NtOpenKey() retval=00000000 ret=7fc24381823a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00022140 ret=7f9c25144aa0 | |
| 0011:Call ntdll.RtlNtStatusToDosError(00000000,) ret=7fc243818241 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c830 ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000008e,) ret=7f9c2513e9bc | |
| 0011:Ret ntdll.RtlNtStatusToDosError() retval=00000000 ret=7fc243818241 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00022ea0 ret=7f9c2513e9bc | |
| 0011:Call advapi32.RegQueryValueExW(00000084,00000000,00000000,00000000,0023e6d0,0023e6c4,) ret=7fc24381a8d3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c860 ret=7f1c8278790a | |
| 000f:Call KERNEL32.WriteFile(00000094,00022ea0,0000008e,0023faac,0023fab0,) ret=7f9c2513ea71 | |
| 0011:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7fc24381a8d3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Ret KERNEL32.WriteFile() retval=00000000 ret=7f9c2513ea71 | |
| 0011:Call advapi32.RegCloseKey(00000084,) ret=7fc24381a8e9 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c890 ret=7f1c8278790a | |
| 000f:err:service:process_send_command service protocol error - failed to write pipe! | |
| 0011:Ret advapi32.RegCloseKey() retval=00000000 ret=7fc24381a8e9 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00022ea0,) ret=7f9c2513eae3 | |
| 0011:Call KERNEL32.FindActCtxSectionGuid(00000001,00000000,00000004,0023e9a0,0023e7e0,) ret=7fc24381beaf | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c8c0 ret=7f1c82787ccc | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2513eae3 | |
| 0011:Ret KERNEL32.FindActCtxSectionGuid() retval=00000000 ret=7fc24381beaf | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00022140,) ret=7f9c25144bbf | |
| 0011:Call ntdll.RtlInitUnicodeString(0023e640,0023e6d0 L"CLSID\\{B8DA6310-E19B-11D0-933C-00A0C90DCAA9}",) ret=7fc24381822b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c900 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25144bbf | |
| 0011:Ret ntdll.RtlInitUnicodeString() retval=00000058 ret=7fc24381822b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.TerminateProcess(000000a4,00000000,) ret=7f9c25143b6c | |
| 0011:Call ntdll.NtOpenKey(0023e6c8,00020019,0023e650,) ret=7fc24381823a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c930 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.TerminateProcess() retval=00000001 ret=7f9c25143b6c | |
| 0011:Ret ntdll.NtOpenKey() retval=00000000 ret=7fc24381823a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.ReleaseMutex(0000008c,) ret=7f9c25144c15 | |
| 0011:Call ntdll.RtlNtStatusToDosError(00000000,) ret=7fc243818241 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c960 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.ReleaseMutex() retval=00000001 ret=7f9c25144c15 | |
| 0011:Ret ntdll.RtlNtStatusToDosError() retval=00000000 ret=7fc243818241 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call KERNEL32.CloseHandle(000000a4,) ret=7f9c2514316d | |
| 0011:Call ntdll.RtlInitUnicodeString(0023e640,7fc2438f62c0 L"InprocServer32",) ret=7fc24381822b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c990 ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c2514316d | |
| 0011:Ret ntdll.RtlInitUnicodeString() retval=0000001c ret=7fc24381822b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000011,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.CloseHandle(0000008c,) ret=7f9c25143176 | |
| 0011:Call ntdll.NtOpenKey(0023e7e0,00020019,0023e650,) ret=7fc24381823a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004c9d0 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c25143176 | |
| 0011:Ret ntdll.NtOpenKey() retval=00000000 ret=7fc24381823a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.CloseHandle(00000094,) ret=7f9c2514317f | |
| 0011:Call ntdll.RtlNtStatusToDosError(00000000,) ret=7fc243818241 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ca00 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c2514317f | |
| 0011:Ret ntdll.RtlNtStatusToDosError() retval=00000000 ret=7fc243818241 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.CloseHandle(00000090,) ret=7f9c25143188 | |
| 0011:Call advapi32.RegCloseKey(00000084,) ret=7fc24381acdd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ca30 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c25143188 | |
| 0011:Ret advapi32.RegCloseKey() retval=00000000 ret=7fc24381acdd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00022190,) ret=7f9c2514319f | |
| 0011:Call advapi32.RegQueryValueExW(00000088,00000000,00000000,0023e278,0023e280,0023e27c,) ret=7fc243816a5d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ca60 ret=7f1c82787ccc | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514319f | |
| 0011:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7fc243816a5d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f1c8278790a | |
| 000f:fixme:service:scmdatabase_autostart_services Auto-start service L"clr_optimization_v4.0.30319_32" failed to start: 1053 | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7fc243815156 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004caa0 ret=7f1c8278790a | |
| 000f:Call KERNEL32.ExpandEnvironmentStringsW(0001f700 L"C:\\windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorsvw.exe",00000000,00000000,) ret=7f9c25143c61 | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004b270 ret=7fc243815156 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Ret KERNEL32.ExpandEnvironmentStringsW() retval=0000003d ret=7f9c25143c61 | |
| 0011:Call KERNEL32.LoadLibraryExW(0023e510 L"C:\\windows\\system32\\actxprxy.dll",00000000,00000008,) ret=7fc2438152fa | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cad0 ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000007a,) ret=7f9c25143c7e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00022140 ret=7f9c25143c7e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cb00 ret=7f1c8278790a | |
| 000f:Call KERNEL32.ExpandEnvironmentStringsW(0001f700 L"C:\\windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorsvw.exe",00022140,0000003d,) ret=7f9c25143ca1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.ExpandEnvironmentStringsW() retval=0000003d ret=7f9c25143ca1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cb30 ret=7f1c82787ccc | |
| 000f:Call KERNEL32.GetSystemDirectoryW(0023f8e0,00000104,) ret=7f9c25143f79 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 000f:Ret KERNEL32.GetSystemDirectoryW() retval=00000013 ret=7f9c25143f79 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cb70 ret=7f1c8278790a | |
| 000f:Call advapi32.RegQueryValueExW(00000024,00000000,00000000,0023f870,0023f850,0023f848,) ret=7f9c25143d05 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25143d05 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cba0 ret=7f1c8278790a | |
| 000f:Call advapi32.RegSetValueExW(00000024,00000000,00000000,00000004,7f9c2535f230,00000004,) ret=7f9c25143d3d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Ret advapi32.RegSetValueExW() retval=00000000 ret=7f9c25143d3d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cbd0 ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7f9c25143d84 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00022ea0 ret=7f9c25143d84 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cc00 ret=7f1c82787ccc | |
| 000f:Call KERNEL32.CreateMutexW(00000000,00000001,00000000,) ret=7f9c25143dae | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CreateMutexW() retval=0000008c ret=7f9c25143dae | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cc40 ret=7f1c8278790a | |
| 000f:Call KERNEL32.CreateNamedPipeW(7f9c2535f1e0 L"\\\\.\\pipe\\net\\NtControlPipe1",40000003,00000000,00000001,00000100,00000100,00002710,00000000,) ret=7f9c25143e15 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CreateNamedPipeW() retval=00000094 ret=7f9c25143e15 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cc70 ret=7f1c8278790a | |
| 0011:Call PE DLL (proc=0x7fc2431c68a0,module=0x7fc2430f0000 L"oleaut32.dll",reason=PROCESS_ATTACH,res=(nil)) | |
| 000f:Call KERNEL32.ResetEvent(00000034,) ret=7f9c25143e85 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.GetEnvironmentVariableW(7fc2431c98b0 L"oanocache",00000000,00000000,) ret=7fc243107799 | |
| 000f:Ret KERNEL32.ResetEvent() retval=00000001 ret=7f9c25143e85 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cca0 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.GetEnvironmentVariableW() retval=00000000 ret=7fc243107799 | |
| 000f:Call KERNEL32.CreateProcessW(00000000,00022140 L"C:\\windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorsvw.exe",00000000,00000000,00000000,00000400,00350000,00000000,0023f870,0023f850,) ret=7f9c25143f02 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call KERNEL32.DisableThreadLibraryCalls(7fc2430f0000,) ret=7fc243167f75 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ccd0 ret=7f1c82787ccc | |
| 0011:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7fc243167f75 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 0011:Ret PE DLL (proc=0x7fc2431c68a0,module=0x7fc2430f0000 L"oleaut32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cd10 ret=7f1c8278790a | |
| 0011:Call PE DLL (proc=0x7fc243587780,module=0x7fc243480000 L"actxprxy.dll",reason=PROCESS_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.DisableThreadLibraryCalls(7fc243480000,) ret=7fc24348ebd5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cd40 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7fc24348ebd5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret PE DLL (proc=0x7fc243587780,module=0x7fc243480000 L"actxprxy.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cd70 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.LoadLibraryExW() retval=7fc243480000 ret=7fc2438152fa | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call KERNEL32.GetProcAddress(7fc243480000,7fc2438f49ca "DllCanUnloadNow",) ret=7fc243815321 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cda0 ret=7f1c82787ccc | |
| 0011:Ret KERNEL32.GetProcAddress() retval=7fc24348d420 ret=7fc243815321 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000024,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.GetProcAddress(7fc243480000,7fc2438f49da "DllGetClassObject",) ret=7fc243815337 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cde0 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.GetProcAddress() retval=7fc24348d430 ret=7fc243815337 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7fc243815413 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ce20 ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004b2a0 ret=7fc243815413 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000042,) ret=7fc243815455 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ce50 ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004b2f0 ret=7fc243815455 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call actxprxy.DllGetClassObject(0023e9a0,7fc24390a630,0023e998,) ret=7fc2438150f6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ce80 ret=7f1c82787ccc | |
| 0011:Call rpcrt4.NdrDllGetClassObject(0023e9a0,7fc24390a630,0023e998,7fc2437ce980,7fc243590a30,7fc2437cf600,) ret=7fc24348eb41 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.VirtualAlloc(00000000,00004000,00003000,00000040,) ret=7fc24c14a622 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cec0 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.VirtualAlloc() retval=004b0000 ret=7fc24c14a622 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.VirtualProtect(004b0000,00004000,00000020,0023e124,) ret=7fc24c14a67d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cef0 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.VirtualProtect() retval=00000001 ret=7fc24c14a67d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret rpcrt4.NdrDllGetClassObject() retval=00000000 ret=7fc24348eb41 | |
| 0011:Ret actxprxy.DllGetClassObject() retval=00000000 ret=7fc2438150f6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cf20 ret=7f1c8278790a | |
| 0011:Call advapi32.RegCloseKey(00000088,) ret=7fc24381c35c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret advapi32.RegCloseKey() retval=00000000 ret=7fc24381c35c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cf50 ret=7f1c82787ccc | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,00000030,) ret=7fc24c14b0a3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004b350 ret=7fc24c14b0a3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cf90 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7fc24387900f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004d320 ret=7fc24387900f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cfc0 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fc24385ddfb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004d380 ret=7fc24385ddfb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004cff0 ret=7f1c8278790a | |
| 0011:Call rpcrt4.CStdStubBuffer_AddRef(0004b350,) ret=7fc24387906e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret rpcrt4.CStdStubBuffer_AddRef() retval=00000002 ret=7fc24387906e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d020 ret=7f1c82787ccc | |
| 0011:Call rpcrt4.UuidCreate(0004d348,) ret=7fc243879188 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 0011:Call advapi32.SystemFunction036(0004d348,00000010,) ret=7fc24c188adb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d060 ret=7f1c8278790a | |
| 0011:Ret advapi32.SystemFunction036() retval=00000001 ret=7fc24c188adb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Ret rpcrt4.UuidCreate() retval=00000000 ret=7fc243879188 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d090 ret=7f1c8278790a | |
| 0011:Call rpcrt4.NdrCStdStubBuffer_Release(0004b350,7fc2437cf600,) ret=7fc24348eb88 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Ret rpcrt4.NdrCStdStubBuffer_Release() retval=00000001 ret=7fc24348eb88 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d0c0 ret=7f1c8278790a | |
| 0018:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError" | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,00000078,) ret=7fc24385ec6e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004d3b0 ret=7fc24385ec6e | |
| 0018:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32" | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d0f0 ret=7f1c82787ccc | |
| 0011:Call rpcrt4.RpcServerRegisterIfEx(0004d3c8,00000000,00000000,00000003,000004d2,00000000,) ret=7fc24385ecc0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000008,00000060,) ret=7fc24c17c7ee | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d130 ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004d440 ret=7fc24c17c7ee | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.WaitForSingleObject(00000074,ffffffff,) ret=7fc24c179bf6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d160 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7fc24c179bf6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.SetEvent(00000068,) ret=7fc24c17fb70 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d190 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.SetEvent() retval=00000001 ret=7fc24c17fb70 | |
| 0016:Ret KERNEL32.WaitForMultipleObjectsEx() retval=00000000 ret=7fc24c186763 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call KERNEL32.WaitForSingleObject(00000078,ffffffff,) ret=7fc24c179c18 | |
| 0016:Call ntdll.RtlReAllocateHeap(00010000,00000000,0004b140,00000010,) ret=7fc24c1810fc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d1c0 ret=7f1c82787ccc | |
| 0016:Ret ntdll.RtlReAllocateHeap() retval=0004b140 ret=7fc24c1810fc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 0016:Call KERNEL32.SetEvent(00000078,) ret=7fc24c179954 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d200 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7fc24c179c18 | |
| 0016:Ret KERNEL32.SetEvent() retval=00000001 ret=7fc24c179954 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call KERNEL32.ReleaseMutex(00000074,) ret=7fc24c179c21 | |
| 0016:Call KERNEL32.WaitForMultipleObjectsEx(00000002,0004b140,00000000,ffffffff,00000001,) ret=7fc24c186763 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d230 ret=7f1c8278790a | |
| 0011:Ret KERNEL32.ReleaseMutex() retval=00000001 ret=7fc24c179c21 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret rpcrt4.RpcServerRegisterIfEx() retval=00000000 ret=7fc24385ecc0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d260 ret=7f1c8278790a | |
| 0011:Call KERNEL32.GlobalReAlloc(0004a9e2,00000040,00000000,) ret=7fc24383d9ca | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret KERNEL32.GlobalReAlloc() retval=0004a9e2 ret=7fc24383d9ca | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d290 ret=7f1c82787ccc | |
| 0011:Call KERNEL32.GlobalLock(0004a9e2,) ret=7fc24383db36 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.GlobalLock() retval=0004d4c0 ret=7fc24383db36 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d2d0 ret=7f1c8278790a | |
| 0011:Call KERNEL32.GlobalUnlock(0004a9e2,) ret=7fc24383db61 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.GlobalUnlock() retval=00000000 ret=7fc24383db61 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d300 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlFreeHeap(00010000,00000000,0004aa10,) ret=7fc243842ba3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fc243842ba3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d330 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000030,) ret=7fc24383dfad | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004aa10 ret=7fc24383dfad | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d360 ret=7f1c82787ccc | |
| 0011:Call KERNEL32.GlobalSize(0004a9e2,) ret=7fc24383dfea | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f1c8278790a | |
| 0018:Call KERNEL32.__wine_kernel_init() ret=7bc63340 | |
| 0011:Ret KERNEL32.GlobalSize() retval=00000040 ret=7fc24383dfea | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d3a0 ret=7f1c8278790a | |
| 0011:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7fc24385fe28 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Ret ntdll.RtlAllocateHeap() retval=0004d510 ret=7fc24385fe28 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d3d0 ret=7f1c8278790a | |
| 0011:Call KERNEL32.CreateNamedPipeW(0023ec30 L"\\\\.\\pipe\\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}",40000003,00000000,000000ff,00001000,00001000,000001f4,00000000,) ret=7fc24385fee7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.CreateNamedPipeW() retval=00000088 ret=7fc24385fee7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d400 ret=7f1c8278790a | |
| 0011:Call KERNEL32.CreateThread(00000000,00000000,7fc24385bdd0,0004d510,00000000,0023ec2c,) ret=7fc24385ff14 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d430 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f1c8278790a | |
| 0011:Ret KERNEL32.CreateThread() retval=0000008c ret=7fc24385ff14 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d470 ret=7f1c8278790a | |
| 0019:Call PE DLL (proc=0x7fc24c18cc70,module=0x7fc24c140000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 0011:Ret ole32.CoRegisterClassObject() retval=00000000 ret=7fc24c4dee86 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0019:Ret PE DLL (proc=0x7fc24c18cc70,module=0x7fc24c140000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 0011:Call user32.GetMessageW(0023ef70,00000000,00000000,00000000,) ret=7fc24c4deecc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d4a0 ret=7f1c8278790a | |
| 0011:Ret user32.GetMessageW() retval=00000001 ret=7fc24c4deecc | |
| 0019:Call PE DLL (proc=0x7fc24bb31370,module=0x7fc24ba80000 L"user32.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call user32.DispatchMessageW(0023ef70,) ret=7fc24c4deeb4 | |
| 0019:Ret PE DLL (proc=0x7fc24bb31370,module=0x7fc24ba80000 L"user32.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d4d0 ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_PARENTNOTIFY,wp=00000001,lp=00010032) | |
| 0019:Call PE DLL (proc=0x7fc24a742ea0,module=0x7fc24a730000 L"imm32.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call user32.GetForegroundWindow() ret=7fc24c4e2718 | |
| 0019:Ret PE DLL (proc=0x7fc24a742ea0,module=0x7fc24a730000 L"imm32.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d500 ret=7f1c82787ccc | |
| 0011:Ret user32.GetForegroundWindow() retval=00010020 ret=7fc24c4e2718 | |
| 0019:Call PE DLL (proc=0x7fc2438f1a40,module=0x7fc243800000 L"ole32.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0011:Call user32.GetAncestor(00010020,00000003,) ret=7fc24c4e2725 | |
| 0019:Ret PE DLL (proc=0x7fc2438f1a40,module=0x7fc243800000 L"ole32.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d540 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7f9c25143f02 | |
| 0011:Ret user32.GetAncestor() retval=00000000 ret=7fc24c4e2725 | |
| 0019:Starting thread proc 0x7fc24385bdd0 (arg=0x4d510) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00022140,) ret=7f9c25143f1f | |
| 0011:Call user32.IsWindowVisible(00010030,) ret=7fc24c4e2734 | |
| 0019:Call KERNEL32.ConnectNamedPipe(00000088,005bfbb0,) ret=7fc24385c051 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d570 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143f1f | |
| 0011:Ret user32.IsWindowVisible() retval=00000000 ret=7fc24c4e2734 | |
| 0019:Ret KERNEL32.ConnectNamedPipe() retval=00000000 ret=7fc24385c051 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.CloseHandle(000000a8,) ret=7f9c25143f4d | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_PARENTNOTIFY,wp=00000001,lp=00010032) retval=00000000 | |
| 0019:Call KERNEL32.WaitForMultipleObjects(00000002,005bfbd0,00000000,ffffffff,) ret=7fc24385c1d6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d5a0 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c25143f4d | |
| 0011:Ret user32.DispatchMessageW() retval=00000000 ret=7fc24c4deeb4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call KERNEL32.ConnectNamedPipe(00000094,0023fb50,) ret=7f9c251449c6 | |
| 0011:Call user32.GetMessageW(0023ef70,00000000,00000000,00000000,) ret=7fc24c4deecc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d5d0 ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.ConnectNamedPipe() retval=00000000 ret=7f9c251449c6 | |
| 0011:Ret user32.GetMessageW() retval=00000001 ret=7fc24c4deecc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.WaitForMultipleObjects(00000002,0023fb70,00000000,00002710,) ret=7f9c25144d42 | |
| 0011:Call user32.DispatchMessageW(0023ef70,) ret=7fc24c4deeb4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d610 ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_PARENTNOTIFY,wp=00000001,lp=00010030) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call user32.GetForegroundWindow() ret=7fc24c4e2718 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d640 ret=7f1c8278790a | |
| 0011:Ret user32.GetForegroundWindow() retval=00010020 ret=7fc24c4e2718 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call user32.GetAncestor(00010020,00000003,) ret=7fc24c4e2725 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d670 ret=7f1c8278790a | |
| 0011:Ret user32.GetAncestor() retval=00000000 ret=7fc24c4e2725 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call user32.IsWindowVisible(00010030,) ret=7fc24c4e2734 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d6a0 ret=7f1c82787ccc | |
| 0011:Ret user32.IsWindowVisible() retval=00000000 ret=7fc24c4e2734 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f1c8278790a | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_PARENTNOTIFY,wp=00000001,lp=00010030) retval=00000000 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d6e0 ret=7f1c8278790a | |
| 0011:Ret user32.DispatchMessageW() retval=00000000 ret=7fc24c4deeb4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Call user32.GetMessageW(0023ef70,00000000,00000000,00000000,) ret=7fc24c4deecc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d710 ret=7f1c8278790a | |
| 0011:Ret user32.GetMessageW() retval=00000001 ret=7fc24c4deecc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Call user32.DispatchMessageW(0023ef70,) ret=7fc24c4deeb4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d740 ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_PARENTNOTIFY,wp=00000001,lp=00010036) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call user32.GetForegroundWindow() ret=7fc24c4e2718 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d770 ret=7f1c82787ccc | |
| 0011:Ret user32.GetForegroundWindow() retval=00010020 ret=7fc24c4e2718 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0011:Call user32.GetAncestor(00010020,00000003,) ret=7fc24c4e2725 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d7b0 ret=7f1c8278790a | |
| 0011:Ret user32.GetAncestor() retval=00000000 ret=7fc24c4e2725 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call user32.IsWindowVisible(00010030,) ret=7fc24c4e2734 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d7e0 ret=7f1c8278790a | |
| 0011:Ret user32.IsWindowVisible() retval=00000000 ret=7fc24c4e2734 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_PARENTNOTIFY,wp=00000001,lp=00010036) retval=00000000 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d810 ret=7f1c8278790a | |
| 0011:Ret user32.DispatchMessageW() retval=00000000 ret=7fc24c4deeb4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call user32.GetMessageW(0023ef70,00000000,00000000,00000000,) ret=7fc24c4deecc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d840 ret=7f1c82787ccc | |
| 0011:Ret user32.GetMessageW() retval=00000001 ret=7fc24c4deecc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002b,) ret=7f1c8278790a | |
| 0011:Call user32.DispatchMessageW(0023ef70,) ret=7fc24c4deeb4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d880 ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_USER+512,wp=0000c020,lp=0000c021) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d8c0 ret=7f1c8278790a | |
| 0011:Ret window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_USER+512,wp=0000c020,lp=0000c021) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 0011:Ret user32.DispatchMessageW() retval=00000000 ret=7fc24c4deeb4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d8f0 ret=7f1c8278790a | |
| 0011:Call user32.GetMessageW(0023ef70,00000000,00000000,00000000,) ret=7fc24c4deecc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret user32.GetMessageW() retval=00000001 ret=7fc24c4deecc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d920 ret=7f1c82787ccc | |
| 0011:Call user32.DispatchMessageW(0023ef70,) ret=7fc24c4deeb4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_PARENTNOTIFY,wp=00000001,lp=00010038) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d960 ret=7f1c8278790a | |
| 0011:Call user32.GetForegroundWindow() ret=7fc24c4e2718 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 0011:Ret user32.GetForegroundWindow() retval=00010020 ret=7fc24c4e2718 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d990 ret=7f1c8278790a | |
| 0011:Call user32.GetAncestor(00010020,00000003,) ret=7fc24c4e2725 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 0011:Ret user32.GetAncestor() retval=00000000 ret=7fc24c4e2725 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d9c0 ret=7f1c8278790a | |
| 0011:Call user32.IsWindowVisible(00010030,) ret=7fc24c4e2734 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret user32.IsWindowVisible() retval=00000000 ret=7fc24c4e2734 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004d9f0 ret=7f1c82787ccc | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_PARENTNOTIFY,wp=00000001,lp=00010038) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f1c8278790a | |
| 0011:Ret user32.DispatchMessageW() retval=00000000 ret=7fc24c4deeb4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004da30 ret=7f1c8278790a | |
| 0011:Call user32.GetMessageW(0023ef70,00000000,00000000,00000000,) ret=7fc24c4deecc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Ret user32.GetMessageW() retval=00000001 ret=7fc24c4deecc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004da60 ret=7f1c8278790a | |
| 0011:Call user32.DispatchMessageW(0023ef70,) ret=7fc24c4deeb4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_USER+512,wp=0000c024,lp=0000c025) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004da90 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_USER+512,wp=0000c024,lp=0000c025) retval=00000000 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004dac0 ret=7f1c82787ccc | |
| 0011:Ret user32.DispatchMessageW() retval=00000000 ret=7fc24c4deeb4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 0011:Call user32.GetMessageW(0023ef70,00000000,00000000,00000000,) ret=7fc24c4deecc | |
| 0018:err:module:import_dll Library MSVCR110_CLR0400.dll (which is needed by L"C:\\windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorsvw.exe") not found | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004db00 ret=7f1c8278790a | |
| 0011:Ret user32.GetMessageW() retval=00000001 ret=7fc24c4deecc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call user32.DispatchMessageW(0023ef70,) ret=7fc24c4deeb4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004db30 ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_PARENTNOTIFY,wp=00000001,lp=00010040) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call user32.GetForegroundWindow() ret=7fc24c4e2718 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004db60 ret=7f1c8278790a | |
| 0011:Ret user32.GetForegroundWindow() retval=00010020 ret=7fc24c4e2718 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call user32.GetAncestor(00010020,00000003,) ret=7fc24c4e2725 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004db90 ret=7f1c82787ccc | |
| 0011:Ret user32.GetAncestor() retval=00000000 ret=7fc24c4e2725 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 0011:Call user32.IsWindowVisible(00010030,) ret=7fc24c4e2734 | |
| 0018:err:module:import_dll Library mscoree.dll (which is needed by L"C:\\windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorsvw.exe") not found | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004dbd0 ret=7f1c8278790a | |
| 0011:Ret user32.IsWindowVisible() retval=00000000 ret=7fc24c4e2734 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_PARENTNOTIFY,wp=00000001,lp=00010040) retval=00000000 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004dc00 ret=7f1c8278790a | |
| 0011:Ret user32.DispatchMessageW() retval=00000000 ret=7fc24c4deeb4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call user32.GetMessageW(0023ef70,00000000,00000000,00000000,) ret=7fc24c4deecc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004dc30 ret=7f1c8278790a | |
| 0011:Ret user32.GetMessageW() retval=00000001 ret=7fc24c4deecc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call user32.DispatchMessageW(0023ef70,) ret=7fc24c4deeb4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004dc60 ret=7f1c82787ccc | |
| 0011:Call window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_USER+512,wp=0000c026,lp=0000c027) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004dca0 ret=7f1c8278790a | |
| 0011:Ret window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_USER+512,wp=0000c026,lp=0000c027) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret user32.DispatchMessageW() retval=00000000 ret=7fc24c4deeb4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004dcd0 ret=7f1c8278790a | |
| 0011:Call user32.GetMessageW(0023ef70,00000000,00000000,00000000,) ret=7fc24c4deecc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret user32.GetMessageW() retval=00000001 ret=7fc24c4deecc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004dd00 ret=7f1c8278790a | |
| 0011:Call user32.DispatchMessageW(0023ef70,) ret=7fc24c4deeb4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_PARENTNOTIFY,wp=00000001,lp=00010042) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004dd30 ret=7f1c82787ccc | |
| 0011:Call user32.GetForegroundWindow() ret=7fc24c4e2718 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 0011:Ret user32.GetForegroundWindow() retval=00010020 ret=7fc24c4e2718 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004dd70 ret=7f1c8278790a | |
| 0011:Call user32.GetAncestor(00010020,00000003,) ret=7fc24c4e2725 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret user32.GetAncestor() retval=00000000 ret=7fc24c4e2725 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004dda0 ret=7f1c8278790a | |
| 0011:Call user32.IsWindowVisible(00010030,) ret=7fc24c4e2734 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret user32.IsWindowVisible() retval=00000000 ret=7fc24c4e2734 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ddd0 ret=7f1c8278790a | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_PARENTNOTIFY,wp=00000001,lp=00010042) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret user32.DispatchMessageW() retval=00000000 ret=7fc24c4deeb4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004de00 ret=7f1c82787ccc | |
| 0011:Call user32.GetMessageW(0023ef70,00000000,00000000,00000000,) ret=7fc24c4deecc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0011:Ret user32.GetMessageW() retval=00000001 ret=7fc24c4deecc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004de40 ret=7f1c8278790a | |
| 0011:Call user32.DispatchMessageW(0023ef70,) ret=7fc24c4deeb4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_PAINT,wp=00000000,lp=00000000) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004de70 ret=7f1c8278790a | |
| 0011:Call user32.BeginPaint(00010020,0023e9e0,) ret=7fc24c4d0311 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004dea0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ded0 ret=7f1c82787ccc | |
| 0011:Call winex11.drv.GetDC(00020048,00010020,00010020,0023e4c0,0023e4d0,0000009a,) ret=7fc24baf9e55 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 0011:Ret winex11.drv.GetDC() retval=00000000 ret=7fc24baf9e55 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004df10 ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_ERASEBKGND,wp=00020048,lp=00000000) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_ERASEBKGND,wp=00020048,lp=00000000) retval=00000001 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004df40 ret=7f1c8278790a | |
| 0011:Ret user32.BeginPaint() retval=00020048 ret=7fc24c4d0311 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call user32.EndPaint(00010020,0023e9e0,) ret=7fc24c4d04e2 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004df70 ret=7f1c8278790a | |
| 0011:Ret user32.EndPaint() retval=00000001 ret=7fc24c4d04e2 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret window proc 0x7fc24c4d0010 (hwnd=0x10020,msg=WM_PAINT,wp=00000000,lp=00000000) retval=00000000 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004dfa0 ret=7f1c82787ccc | |
| 0011:Ret user32.DispatchMessageW() retval=00000000 ret=7fc24c4deeb4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f1c8278790a | |
| 0011:Call user32.GetMessageW(0023ef70,00000000,00000000,00000000,) ret=7fc24c4deecc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004dfe0 ret=7f1c8278790a | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e010 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e040 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e070 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e0b0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e0e0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e110 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e140 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001b,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e180 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e1b0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e1e0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e210 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e250 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e280 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e2b0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e2e0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e320 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e350 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e380 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e3b0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e3f0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e420 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e450 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e480 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e4c0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e4f0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e520 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e550 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000011,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e590 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e5c0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e5f0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e620 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e660 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e690 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e6c0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e6f0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e730 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e760 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e790 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e7c0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e800 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e830 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e860 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e890 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e8d0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e900 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e930 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e960 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e9a0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004e9d0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ea00 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ea30 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ea70 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004eaa0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ead0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004eb00 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004eb40 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004eb70 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004eba0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ebd0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ec10 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ec40 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ec70 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004eca0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ece0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ed10 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ed40 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ed70 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004edb0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ede0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ee10 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ee40 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 0018:err:module:attach_dlls Importing dlls for L"C:\\windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorsvw.exe" failed, status c0000135 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ee80 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004eeb0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004eee0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ef10 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ef50 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ef80 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.WaitForMultipleObjects() retval=00000001 ret=7f9c25144d42 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.CancelIo(00000094,) ret=7f9c25144de3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004efb0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004efe0 ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.CancelIo() retval=00000001 ret=7f9c25144de3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000036,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000040,) ret=7f9c25144aa0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f020 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00022140 ret=7f9c25144aa0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000008e,) ret=7f9c2513e9bc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f070 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00022f00 ret=7f9c2513e9bc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.WriteFile(00000094,00022f00,0000008e,0023faac,0023fab0,) ret=7f9c2513ea71 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f0a0 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.WriteFile() retval=00000000 ret=7f9c2513ea71 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:err:service:process_send_command service protocol error - failed to write pipe! | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f0d0 ret=7f1c82787ccc | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00022f00,) ret=7f9c2513eae3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002f,) ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2513eae3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f110 ret=7f1c8278790a | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00022140,) ret=7f9c25144bbf | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25144bbf | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f150 ret=7f1c8278790a | |
| 000f:Call KERNEL32.TerminateProcess(000000a4,00000000,) ret=7f9c25143b6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000f:Ret KERNEL32.TerminateProcess() retval=00000001 ret=7f9c25143b6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f180 ret=7f1c8278790a | |
| 000f:Call KERNEL32.ReleaseMutex(0000008c,) ret=7f9c25144c15 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.ReleaseMutex() retval=00000001 ret=7f9c25144c15 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f1b0 ret=7f1c82787ccc | |
| 000f:Call KERNEL32.CloseHandle(000000a4,) ret=7f9c2514316d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c2514316d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f1f0 ret=7f1c8278790a | |
| 000f:Call KERNEL32.CloseHandle(0000008c,) ret=7f9c25143176 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c25143176 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f220 ret=7f1c8278790a | |
| 000f:Call KERNEL32.CloseHandle(00000094,) ret=7f9c2514317f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c2514317f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f250 ret=7f1c8278790a | |
| 000f:Call KERNEL32.CloseHandle(00000090,) ret=7f9c25143188 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c25143188 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f280 ret=7f1c82787ccc | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00022ea0,) ret=7f9c2514319f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2514319f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f2c0 ret=7f1c8278790a | |
| 000f:fixme:service:scmdatabase_autostart_services Auto-start service L"clr_optimization_v4.0.30319_64" failed to start: 1053 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.ExpandEnvironmentStringsW(000202a0 L"C:\\windows\\system32\\drivers\\mountmgr.sys",00000000,00000000,) ret=7f9c25143c61 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f2f0 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.ExpandEnvironmentStringsW() retval=00000029 ret=7f9c25143c61 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000052,) ret=7f9c25143c7e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f320 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00022140 ret=7f9c25143c7e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call KERNEL32.ExpandEnvironmentStringsW(000202a0 L"C:\\windows\\system32\\drivers\\mountmgr.sys",00022140,00000029,) ret=7f9c25143ca1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f350 ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.ExpandEnvironmentStringsW() retval=00000029 ret=7f9c25143ca1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000032,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.GetBinaryTypeW(00022140 L"C:\\windows\\system32\\drivers\\mountmgr.sys",0023f870,) ret=7f9c251440f4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f390 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f3e0 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.GetBinaryTypeW() retval=00000001 ret=7f9c251440f4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.GetSystemDirectoryW(0023f8e0,00000104,) ret=7f9c2514426e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f410 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.GetSystemDirectoryW() retval=00000013 ret=7f9c2514426e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00022140,) ret=7f9c25144285 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f440 ret=7f1c82787ccc | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25144285 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000034,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000046,) ret=7f9c251442cf | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f480 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00022140 ret=7f9c251442cf | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f4d0 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00022ea0 ret=7f9c25142903 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c25144e48 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f500 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000221a0 ret=7f9c25144e48 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000046,) ret=7f9c25144e48 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f530 ret=7f1c82787ccc | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00022f90 ret=7f9c25144e48 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c25144e48 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f570 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00022ff0 ret=7f9c25144e48 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c25144e48 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f5a0 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00023020 ret=7f9c25144e48 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00022140,) ret=7f9c251447ea | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f5d0 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251447ea | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call KERNEL32.ExpandEnvironmentStringsW(00022f90 L"C:\\windows\\system32\\winedevice.exe",00000000,00000000,) ret=7f9c25143c61 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f600 ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.ExpandEnvironmentStringsW() retval=00000023 ret=7f9c25143c61 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000035,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000046,) ret=7f9c25143c7e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f640 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00022140 ret=7f9c25143c7e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.ExpandEnvironmentStringsW(00022f90 L"C:\\windows\\system32\\winedevice.exe",00022140,00000023,) ret=7f9c25143ca1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f690 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.ExpandEnvironmentStringsW() retval=00000023 ret=7f9c25143ca1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call advapi32.RegQueryValueExW(00000024,00000000,00000000,0023f4c0,0023f4a0,0023f498,) ret=7f9c25143d05 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f6c0 ret=7f1c8278790a | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25143d05 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call advapi32.RegSetValueExW(00000024,00000000,00000000,00000004,7f9c2535f230,00000004,) ret=7f9c25143d3d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f6f0 ret=7f1c82787ccc | |
| 000f:Ret advapi32.RegSetValueExW() retval=00000000 ret=7f9c25143d3d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7f9c25143d84 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f730 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00022230 ret=7f9c25143d84 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.CreateMutexW(00000000,00000001,00000000,) ret=7f9c25143dae | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f760 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CreateMutexW() retval=00000090 ret=7f9c25143dae | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.CreateNamedPipeW(7f9c2535f1e0 L"\\\\.\\pipe\\net\\NtControlPipe2",40000003,00000000,00000001,00000100,00000100,00002710,00000000,) ret=7f9c25143e15 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f790 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CreateNamedPipeW() retval=00000098 ret=7f9c25143e15 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call KERNEL32.ResetEvent(0000008c,) ret=7f9c25143e85 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f7c0 ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.ResetEvent() retval=00000001 ret=7f9c25143e85 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000042,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.CreateProcessW(00000000,00022140 L"C:\\windows\\system32\\winedevice.exe",00000000,00000000,00000000,00000400,00350000,00000000,0023f4c0,0023f4a0,) ret=7f9c25143f02 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f800 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f860 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f890 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f8c0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f900 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f940 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f970 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f9a0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004f9e0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fa10 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fa40 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fa70 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fab0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fae0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fb10 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fb40 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fb80 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fbb0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fbe0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fc10 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000039,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fc50 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fca0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fcd0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fd00 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fd40 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fd90 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fdc0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fdf0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000031,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fe30 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fe80 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004feb0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fee0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ff20 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ff50 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001b:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError" | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ff80 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001b:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32" | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004ffb0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000011,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0004fff0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050020 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050050 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050080 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000500c0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000500f0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050120 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050150 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000032,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050190 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000501e0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050210 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050240 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001e,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050280 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000502b0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000502e0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050310 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050350 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050380 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000503b0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000503e0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050420 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050450 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050480 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000504b0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000011,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000504f0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050520 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050550 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050580 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001d,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000505c0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000505f0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050620 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050650 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000045,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050690 ret=7f1c8278790a | |
| 001b:Call KERNEL32.__wine_kernel_init() ret=7bc63340 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000506f0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050720 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050750 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050790 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000507d0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050800 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050830 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000021,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050870 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000508b0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000508e0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050910 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050950 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050990 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000509c0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000509f0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050a30 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7f9c25143f02 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00022140,) ret=7f9c25143f1f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050a70 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143f1f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.CloseHandle(000000ac,) ret=7f9c25143f4d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050aa0 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c25143f4d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call KERNEL32.ConnectNamedPipe(00000098,0023f7a0,) ret=7f9c251449c6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050ad0 ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.ConnectNamedPipe() retval=00000000 ret=7f9c251449c6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.WaitForMultipleObjects(00000002,0023f7c0,00000000,00002710,) ret=7f9c25144d42 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050b10 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050b40 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050b70 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050ba0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050be0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050c20 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050c50 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050c80 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050cc0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050cf0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050d20 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050d50 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050d90 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050dc0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050df0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050e20 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050e60 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050e90 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050ec0 ret=7f1c8278790a | |
| 001b:Call PE DLL (proc=0x7bcb99f0,module=0x7bc20000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050ef0 ret=7f1c82787ccc | |
| 001b:Ret PE DLL (proc=0x7bcb99f0,module=0x7bc20000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 001b:Call PE DLL (proc=0x7b4a66f0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050f30 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050f60 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050f90 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00050fc0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051000 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051030 ret=7f1c8278790a | |
| 001b:Ret PE DLL (proc=0x7b4a66f0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Call PE DLL (proc=0x7fdc37728730,module=0x7fdc376d0000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051060 ret=7f1c8278790a | |
| 001b:Ret PE DLL (proc=0x7fdc37728730,module=0x7fdc376d0000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001b:Call PE DLL (proc=0x7fdc374991f0,module=0x7fdc37480000 L"ntoskrnl.exe",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051090 ret=7f1c82787ccc | |
| 001b:Call KERNEL32.DisableThreadLibraryCalls(7fdc37480000,) ret=7fdc37496ced | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000510d0 ret=7f1c8278790a | |
| 001b:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7fdc37496ced | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051100 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAddVectoredExceptionHandler(00000001,7fdc3748ce80,) ret=7fdc37496cfe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051130 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAddVectoredExceptionHandler() retval=000226c0 ret=7fdc37496cfe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051160 ret=7f1c82787ccc | |
| 001b:Call ntdll.NtGetTickCount() ret=7fdc37492f45 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000511a0 ret=7f1c8278790a | |
| 001b:Ret ntdll.NtGetTickCount() retval=0043f0d8 ret=7fdc37492f45 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000511d0 ret=7f1c8278790a | |
| 001b:Ret PE DLL (proc=0x7fdc374991f0,module=0x7fdc37480000 L"ntoskrnl.exe",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Starting process L"C:\\windows\\system32\\winedevice.exe" (entryproc=0x7fdc37a62400) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051200 ret=7f1c8278790a | |
| 001b:Call advapi32.StartServiceCtrlDispatcherW(0023fcb0,) ret=7fdc37a623da | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051230 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051270 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000512a0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000512d0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051300 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001b,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051340 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051370 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000513a0 ret=7f1c8278790a | |
| 001b:Call PE DLL (proc=0x7fdc3723bc70,module=0x7fdc371f0000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000513d0 ret=7f1c82787ccc | |
| 001b:Ret PE DLL (proc=0x7fdc3723bc70,module=0x7fdc371f0000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051410 ret=7f1c8278790a | |
| 001b:Call rpcrt4.NdrClientInitializeNew(0023f1b0,0023f2f0,7fdc37946c00,0000000f,) ret=7fdc3771f62f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051440 ret=7f1c8278790a | |
| 001b:Ret rpcrt4.NdrClientInitializeNew() retval=00000000 ret=7fdc3771f62f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051470 ret=7f1c8278790a | |
| 001b:Call rpcrt4.RpcStringBindingComposeW(00000000,0023f060 L"ncacn_np",00000000,0023f080 L"\\pipe\\svcctl",00000000,0023f050,) ret=7fdc37711ccd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000514a0 ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000058,) ret=7fdc3721d6d4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000514e0 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=000227c0 ret=7fdc3721d6d4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051510 ret=7f1c8278790a | |
| 001b:Ret rpcrt4.RpcStringBindingComposeW() retval=00000000 ret=7fdc37711ccd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051540 ret=7f1c8278790a | |
| 001b:Call rpcrt4.RpcBindingFromStringBindingW(000227c0 L"ncacn_np:[\\\\pipe\\\\svcctl]",0023f058,) ret=7fdc37711d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051570 ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7fdc3721c332 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000515b0 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00022830 ret=7fdc3721c332 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000515e0 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000002,) ret=7fdc3721c332 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051610 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00022860 ret=7fdc3721c332 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051640 ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001e,) ret=7fdc3721c332 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051680 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00022890 ret=7fdc3721c332 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000516b0 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7fdc3721c268 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000516e0 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00024b60 ret=7fdc3721c268 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051710 ret=7f1c82787ccc | |
| 001b:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00022830 L"ncacn_np",ffffffff,00000000,00000000,00000000,00000000,) ret=7fdc3721c4ea | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051750 ret=7f1c8278790a | |
| 001b:Ret KERNEL32.WideCharToMultiByte() retval=00000009 ret=7fdc3721c4ea | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051780 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7fdc3721c508 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000517b0 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00024bf0 ret=7fdc3721c508 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001b:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00022830 L"ncacn_np",ffffffff,00024bf0,00000009,00000000,00000000,) ret=7fdc3721c52c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000517e0 ret=7f1c82787ccc | |
| 001b:Ret KERNEL32.WideCharToMultiByte() retval=00000009 ret=7fdc3721c52c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001f,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051820 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc37220629 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37220629 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051850 ret=7f1c8278790a | |
| 001b:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00022860 L"",ffffffff,00000000,00000000,00000000,00000000,) ret=7fdc3721c4ea | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051880 ret=7f1c8278790a | |
| 001b:Ret KERNEL32.WideCharToMultiByte() retval=00000001 ret=7fdc3721c4ea | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000518b0 ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7fdc3721c508 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000518f0 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00024c20 ret=7fdc3721c508 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051920 ret=7f1c8278790a | |
| 001b:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00022860 L"",ffffffff,00024c20,00000001,00000000,00000000,) ret=7fdc3721c52c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051950 ret=7f1c8278790a | |
| 001b:Ret KERNEL32.WideCharToMultiByte() retval=00000001 ret=7fdc3721c52c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051980 ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc37220659 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000519c0 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37220659 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000519f0 ret=7f1c8278790a | |
| 001b:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00022890 L"\\pipe\\svcctl",ffffffff,00000000,00000000,00000000,00000000,) ret=7fdc3721c4ea | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051a20 ret=7f1c8278790a | |
| 001b:Ret KERNEL32.WideCharToMultiByte() retval=0000000d ret=7fdc3721c4ea | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051a50 ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7fdc3721c508 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051a90 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00024c50 ret=7fdc3721c508 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051ac0 ret=7f1c8278790a | |
| 001b:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00022890 L"\\pipe\\svcctl",ffffffff,00024c50,0000000d,00000000,00000000,) ret=7fdc3721c52c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051af0 ret=7f1c8278790a | |
| 001b:Ret KERNEL32.WideCharToMultiByte() retval=0000000d ret=7fdc3721c52c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051b20 ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc37220689 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051b60 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37220689 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051b90 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000098,) ret=7fdc3721a827 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051bc0 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00024c80 ret=7fdc3721a827 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051bf0 ret=7f1c82787ccc | |
| 001b:Call KERNEL32.InitializeCriticalSection(00024cd0,) ret=7fdc3721a874 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051c30 ret=7f1c8278790a | |
| 001b:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fdc3721a874 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051c60 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051c90 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00024d70 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051cc0 ret=7f1c82787ccc | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00024da0 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051d00 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00024dd0 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051d30 ret=7f1c8278790a | |
| 001b:Call advapi32.SystemFunction036(00024cbc,00000010,) ret=7fdc37237adb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051d60 ret=7f1c8278790a | |
| 001b:Ret advapi32.SystemFunction036() retval=00000001 ret=7fdc37237adb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051d90 ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051dd0 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051e00 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00022890,) ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051e30 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051e60 ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00022860,) ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051ea0 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051ed0 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00022830,) ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051f00 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051f30 ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051f70 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051fa0 ret=7f1c8278790a | |
| 001b:Ret rpcrt4.RpcBindingFromStringBindingW() retval=00000000 ret=7fdc37711d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Call rpcrt4.RpcStringFreeW(0023f050,) ret=7fdc37711d4d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00051fd0 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,000227c0,) ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37237336 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052000 ret=7f1c82787ccc | |
| 001b:Ret rpcrt4.RpcStringFreeW() retval=00000000 ret=7fdc37711d4d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052040 ret=7f1c8278790a | |
| 001b:Call rpcrt4.NdrPointerBufferSize(0023f2f0,00000000,7fdc37731f6c,) ret=7fdc3771f65c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052070 ret=7f1c8278790a | |
| 001b:Ret rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7fdc3771f65c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Call rpcrt4.NdrPointerBufferSize(0023f2f0,00000000,7fdc37732450,) ret=7fdc3771f66e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000520a0 ret=7f1c8278790a | |
| 001b:Ret rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7fdc3771f66e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001b:Call rpcrt4.NdrGetBuffer(0023f2f0,00000010,00024b60,) ret=7fdc3771f685 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000520d0 ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7fdc37238de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052110 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=000227c0 ret=7fdc37238de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052140 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000008,00000118,) ret=7fdc3722e921 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052170 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00024e00 ret=7fdc3722e921 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000521a0 ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000521e0 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=000227f0 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052210 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00022820 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052240 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7fdc37238de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052270 ret=7f1c82787ccc | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00022850 ret=7fdc37238de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000522b0 ret=7f1c8278790a | |
| 001b:Call KERNEL32.CreateFileA(00022850 "\\\\.\\pipe\\svcctl",c0000000,00000000,00000000,00000003,40000000,00000000,) ret=7fdc3722f8cd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000522e0 ret=7f1c8278790a | |
| 001b:Ret KERNEL32.CreateFileA() retval=00000004 ret=7fdc3722f8cd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052310 ret=7f1c8278790a | |
| 001b:Call KERNEL32.SetNamedPipeHandleState(00000004,0023ec74,00000000,00000000,) ret=7fdc3722fa4f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052340 ret=7f1c82787ccc | |
| 0013:Ret KERNEL32.WaitForMultipleObjectsEx() retval=00000001 ret=7f9c24df2763 | |
| 001b:Ret KERNEL32.SetNamedPipeHandleState() retval=00000001 ret=7fdc3722fa4f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052380 ret=7f1c8278790a | |
| 0013:Call ntdll.RtlAllocateHeap(00010000,00000008,00000118,) ret=7f9c24deb921 | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00022850,) ret=7fdc37238e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0013:Ret ntdll.RtlAllocateHeap() retval=00022290 ret=7f9c24deb921 | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000523b0 ret=7f1c8278790a | |
| 0013:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f9c24dd9498 | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7fdc37224f0c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0013:Ret ntdll.RtlAllocateHeap() retval=00022140 ret=7f9c24dd9498 | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00022850 ret=7fdc37224f0c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000523e0 ret=7f1c8278790a | |
| 0013:Call KERNEL32.CreateNamedPipeA(00021f10 "\\\\.\\pipe\\svcctl",40000003,00000006,000000ff,000016d0,000016d0,00001388,00000000,) ret=7f9c24decedf | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000008,00000058,) ret=7fdc37237082 | |
| 0013:Ret KERNEL32.CreateNamedPipeA() retval=000000a0 ret=7f9c24decedf | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00024f30 ret=7fdc37237082 | |
| 0013:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24def4ac | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052410 ret=7f1c82787ccc | |
| 001b:Call KERNEL32.InitializeCriticalSection(00024f40,) ret=7fdc3723709b | |
| 0013:Ret ntdll.RtlAllocateHeap() retval=000223c0 ret=7f9c24def4ac | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052450 ret=7f1c8278790a | |
| 001b:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fdc3723709b | |
| 0013:Call KERNEL32.GetComputerNameA(000223c0,0033fc44,) ret=7f9c24def4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052480 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7fdc37225cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000524b0 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00024fe0 ret=7fdc37225cf1 | |
| 0013:Ret KERNEL32.GetComputerNameA() retval=00000001 ret=7f9c24def4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000524e0 ret=7f1c82787ccc | |
| 001b:Call ntdll.NtWriteFile(00000004,00000010,00000000,00000000,0023ebc0,00024fe0,00000048,00000000,00000000,) ret=7fdc3722fc6c | |
| 0013:Call KERNEL32.CreateThread(00000000,00000000,7f9c24de7280,00022290,00000000,00000000,) ret=7f9c24de79e4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052520 ret=7f1c8278790a | |
| 001b:Ret ntdll.NtWriteFile() retval=00000000 ret=7fdc3722fc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00024fe0,) ret=7fdc37225d43 | |
| 0013:Ret KERNEL32.CreateThread() retval=000000a4 ret=7f9c24de79e4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052550 ret=7f1c8278790a | |
| 001c:Call PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37225d43 | |
| 0013:Call KERNEL32.CloseHandle(000000a4,) ret=7f9c24de79fc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 001c:Ret PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00022850,) ret=7fdc372253ab | |
| 0013:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c24de79fc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052580 ret=7f1c8278790a | |
| 001c:Starting thread proc 0x7f9c24de7280 (arg=0x22290) | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372253ab | |
| 0013:Call ntdll.NtFsControlFile(000000a0,00000084,00000000,00000000,00021ea8,00110008,00000000,00000000,00000000,00000000,) ret=7f9c24ded05a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 001b:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,0023ebe0,00000010,00000000,00000000,) ret=7fdc3722fdec | |
| 0013:Ret ntdll.NtFsControlFile() retval=00000103 ret=7f9c24ded05a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000525b0 ret=7f1c82787ccc | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=000223f0 ret=7f9c24de73b1 | |
| 001b:Ret ntdll.NtReadFile() retval=00000103 ret=7fdc3722fdec | |
| 0013:Call ntdll.RtlReAllocateHeap(00010000,00000000,00021c70,00000010,) ret=7f9c24ded0fc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000058,) ret=7f9c24df4082 | |
| 001b:Call KERNEL32.WaitForSingleObject(00000010,ffffffff,) ret=7fdc3722fe5b | |
| 0013:Ret ntdll.RtlReAllocateHeap() retval=00021c70 ret=7f9c24ded0fc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000525f0 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022450 ret=7f9c24df4082 | |
| 0013:Call KERNEL32.WaitForMultipleObjectsEx(00000002,00021c70,00000000,ffffffff,00000001,) ret=7f9c24df2763 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 001c:Call KERNEL32.InitializeCriticalSection(00022460,) ret=7f9c24df409b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052620 ret=7f1c8278790a | |
| 001c:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f9c24df409b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,0045fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052650 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052680 ret=7f1c82787ccc | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f9c24de3f74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022500 ret=7f9c24de3f74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000526c0 ret=7f1c8278790a | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,00022510,0000000c,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000526f0 ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f9c24de4006 | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022530 ret=7f9c24de4006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,00022530,0000002c,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052720 ret=7f1c8278790a | |
| 001c:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052750 ret=7f1c82787ccc | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022570 ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000021,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlFreeHeap(00010000,00000000,00022530,) ret=7f9c24de41a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052790 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de6d24 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000527d0 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022530 ret=7f9c24de6d24 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7f9c24dd9268 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052800 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=000225b0 ret=7f9c24dd9268 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f9c24dd9498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052830 ret=7f1c82787ccc | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022640 ret=7f9c24dd9498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f9c24dd9498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052870 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023080 ret=7f9c24dd9498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f9c24dd9498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000528a0 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=000230b0 ret=7f9c24dd9498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000098,) ret=7f9c24dd7827 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000528d0 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=000230e0 ret=7f9c24dd7827 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Call KERNEL32.InitializeCriticalSection(00023130,) ret=7f9c24dd7874 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052900 ret=7f1c82787ccc | |
| 001c:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f9c24dd7874 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f9c24dd9498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052940 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=000231d0 ret=7f9c24dd9498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f9c24dd9498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052970 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023200 ret=7f9c24dd9498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f9c24dd9498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000529a0 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023230 ret=7f9c24dd9498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Call advapi32.SystemFunction036(0002311c,00000010,) ret=7f9c24df4adb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000529d0 ret=7f1c82787ccc | |
| 001c:Ret advapi32.SystemFunction036() retval=00000001 ret=7f9c24df4adb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000023,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000044,) ret=7f9c24de2061 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052a10 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023260 ret=7f9c24de2061 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlFreeHeap(00010000,00000000,00022530,) ret=7f9c24de6f0a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052a50 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de6f0a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000044,) ret=7f9c24de2cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052a80 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=000232c0 ret=7f9c24de2cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Call ntdll.NtWriteFile(00000070,000000a4,00000000,00000000,0045fb60,000232c0,00000044,00000000,00000000,) ret=7f9c24decc6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052ab0 ret=7f1c82787ccc | |
| 001c:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c8278790a | |
| 001b:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7fdc3722fe5b | |
| 001c:Call ntdll.RtlFreeHeap(00010000,00000000,000232c0,) ret=7f9c24de2d43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052af0 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37226f74 | |
| 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00022890 ret=7fdc37226f74 | |
| 001c:Call ntdll.RtlFreeHeap(00010000,00000000,00023260,) ret=7f9c24de23ab | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052b30 ret=7f1c8278790a | |
| 001b:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,000228a0,00000008,00000000,00000000,) ret=7fdc3722fdec | |
| 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Ret ntdll.NtReadFile() retval=80000005 ret=7fdc3722fdec | |
| 001c:Call ntdll.RtlFreeHeap(00010000,00000000,00022570,) ret=7f9c24df5e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052b60 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7fdc37227006 | |
| 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00022850 ret=7fdc37227006 | |
| 001c:Call ntdll.RtlFreeHeap(00010000,00000000,00022500,) ret=7f9c24de23ab | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052b90 ret=7f1c82787ccc | |
| 001b:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,00022850,0000002c,00000000,00000000,) ret=7fdc3722fdec | |
| 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 001b:Ret ntdll.NtReadFile() retval=00000000 ret=7fdc3722fdec | |
| 001c:Call ntdll.RtlFreeHeap(00010000,00000000,000223f0,) ret=7f9c24de7372 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052bd0 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7fdc37238de6 | |
| 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7372 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00024fe0 ret=7fdc37238de6 | |
| 001c:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de738b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052c00 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00022850,) ret=7fdc372271a4 | |
| 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de738b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372271a4 | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052c30 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00024fe0,) ret=7fdc37238e13 | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=000223f0 ret=7f9c24de73b1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052c60 ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00022890,) ret=7fdc372253ab | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,0045fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372253ab | |
| 001c:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052ca0 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc3721b44a | |
| 001c:Call KERNEL32.WaitForSingleObject(000000a4,ffffffff,) ret=7f9c24dece5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3721b44a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052cd0 ret=7f1c8278790a | |
| 001b:Ret rpcrt4.NdrGetBuffer() retval=000227c0 ret=7fdc3771f685 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Call rpcrt4.NdrPointerMarshall(0023f2f0,00000000,7fdc37731f6c,) ret=7fdc3771f697 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052d00 ret=7f1c8278790a | |
| 001b:Ret rpcrt4.NdrPointerMarshall() retval=00000000 ret=7fdc3771f697 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001b:Call rpcrt4.NdrPointerMarshall(0023f2f0,00000000,7fdc37732450,) ret=7fdc3771f6a9 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052d30 ret=7f1c82787ccc | |
| 001b:Ret rpcrt4.NdrPointerMarshall() retval=00000000 ret=7fdc3771f6a9 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 001b:Call rpcrt4.NdrSendReceive(0023f2f0,000227cc,) ret=7fdc3771f70f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052d70 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7fdc37227efe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00022850 ret=7fdc37227efe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052da0 ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000008,00000024,) ret=7fdc37225cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00022880 ret=7fdc37225cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052dd0 ret=7f1c8278790a | |
| 001b:Call ntdll.NtWriteFile(00000004,00000010,00000000,00000000,0023ecd0,00022880,00000024,00000000,00000000,) ret=7fdc3722fc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001b:Ret ntdll.NtWriteFile() retval=00000000 ret=7fdc3722fc6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052e00 ret=7f1c82787ccc | |
| 001c:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c24dece5b | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00022880,) ret=7fdc37225d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de3f74 | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37225d43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052e40 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022540 ret=7f9c24de3f74 | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00022850,) ret=7fdc37227fa1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,00022550,00000008,00000000,00000000,) ret=7f9c24decdec | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37227fa1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052e80 ret=7f1c8278790a | |
| 001c:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 001b:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,0023ed10,00000010,00000000,00000000,) ret=7fdc3722fdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f9c24de4006 | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022500 ret=7f9c24de4006 | |
| 001b:Ret ntdll.NtReadFile() retval=00000103 ret=7fdc3722fdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052eb0 ret=7f1c8278790a | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,00022500,0000000c,00000000,00000000,) ret=7f9c24decdec | |
| 001b:Call KERNEL32.WaitForSingleObject(00000010,ffffffff,) ret=7fdc3722fe5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052ee0 ret=7f1c82787ccc | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022570 ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052f20 ret=7f1c8278790a | |
| 001c:Call ntdll.RtlFreeHeap(00010000,00000000,00022500,) ret=7f9c24de41a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052f50 ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f9c24de7442 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022500 ret=7f9c24de7442 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052f80 ret=7f1c8278790a | |
| 001c:Call KERNEL32.QueueUserWorkItem(7f9c24de7730,00022500,00000010,) ret=7f9c24de748c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052fb0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00052ff0 ret=7f1c8278790a | |
| 001d:Call PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001c:Ret KERNEL32.QueueUserWorkItem() retval=00000001 ret=7f9c24de748c | |
| 001d:Ret PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053020 ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 001d:Starting thread proc 0x7bca4360 (arg=0x23400) | |
| 001e:Call PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023470 ret=7f9c24de73b1 | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,00000058,) ret=7f9c24df4082 | |
| 001e:Ret PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053050 ret=7f1c8278790a | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,0045fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=000234d0 ret=7f9c24df4082 | |
| 001e:Starting thread proc 0x7bca4360 (arg=0x23400) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 001d:Call KERNEL32.InitializeCriticalSection(000234e0,) ret=7f9c24df409b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053080 ret=7f1c82787ccc | |
| 001c:Call KERNEL32.WaitForSingleObject(000000a4,ffffffff,) ret=7f9c24dece5b | |
| 001d:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f9c24df409b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 001d:Call rpcrt4.NdrServerInitializeNew(000223f0,0056f630,7f9c2535dc80,) ret=7f9c2514b688 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000530c0 ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7f9c2514b688 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001d:Call rpcrt4.NdrPointerUnmarshall(0056f630,0056f7c8,7f9c2515776c,00000000,) ret=7f9c2514b77a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000530f0 ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7f9c2514b77a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001d:Call rpcrt4.NdrPointerUnmarshall(0056f630,0056f7d0,7f9c25157c50,00000000,) ret=7f9c2514b793 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053120 ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7f9c2514b793 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call rpcrt4.NdrContextHandleInitialize(0056f630,7f9c25157774,) ret=7f9c2514b7fb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053150 ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,000000a0,) ret=7f9c24dd88b0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=000235c0 ret=7f9c24dd88b0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053190 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlInitializeResource(000235f8,) ret=7f9c24dd88d5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlInitializeResource() retval=00000000 ret=7f9c24dd88d5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000531c0 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAcquireResourceExclusive(000235f8,00000001,) ret=7f9c24dd88f0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd88f0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000531f0 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=000236b0 ret=7f9c24df6e5c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053220 ret=7f1c82787ccc | |
| 001d:Ret rpcrt4.NdrContextHandleInitialize() retval=000235c0 ret=7f9c2514b7fb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000011,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c2513cd2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053260 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=000236e0 ret=7f9c2513cd2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlMapGenericMask(000236e4,7f9c25156860,) ret=7f9c2513cd68 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053290 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlMapGenericMask() retval=00000001 ret=7f9c2513cd68 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call rpcrt4.I_RpcGetBuffer(000223f0,) ret=7f9c2514b84a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000532c0 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00023710 ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000532f0 ret=7f1c82787ccc | |
| 001d:Ret rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7f9c2514b84a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000011,) ret=7f1c8278790a | |
| 001d:Call rpcrt4.NdrServerContextNewMarshall(0056f630,000235c0,7f9c25142690,7f9c25157774,) ret=7f9c2514b881 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053330 ret=7f1c8278790a | |
| 001d:Call advapi32.SystemFunction036(000235e8,00000010,) ret=7f9c24df4adb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001d:Ret advapi32.SystemFunction036() retval=00000001 ret=7f9c24df4adb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053360 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000236b0,) ret=7f9c24df6f0b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f0b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053390 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlReleaseResource(000235f8,) ret=7f9c24dd8d4a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000533c0 ret=7f1c82787ccc | |
| 001d:Ret rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7f9c2514b881 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 001d:Call rpcrt4.NdrPointerFree(0056f630,00000000,7f9c2515776c,) ret=7f9c251491a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053400 ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrPointerFree() retval=00000000 ret=7f9c251491a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call rpcrt4.NdrPointerFree(0056f630,00000000,7f9c25157c50,) ret=7f9c251491bc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053430 ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrPointerFree() retval=00000000 ret=7f9c251491bc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f9c24de1e37 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053460 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=000236b0 ret=7f9c24de1e37 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,00000030,) ret=7f9c24de2cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053490 ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00023740 ret=7f9c24de2cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 001d:Call ntdll.NtWriteFile(00000070,000000b4,00000000,00000000,0056f7b0,00023740,00000030,00000000,00000000,) ret=7f9c24decc6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000534d0 ret=7f1c8278790a | |
| 001d:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 001b:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7fdc3722fe5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023740,) ret=7f9c24de2d43 | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37226f74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053500 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00022890 ret=7fdc37226f74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000236b0,) ret=7f9c24de23ab | |
| 001b:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,000228a0,00000008,00000000,00000000,) ret=7fdc3722fdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053530 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 001b:Ret ntdll.NtReadFile() retval=80000005 ret=7fdc3722fdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00022570,) ret=7f9c24df5e13 | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37227006 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053560 ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00022850 ret=7fdc37227006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023710,) ret=7f9c24df5e13 | |
| 001b:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,00022850,00000018,00000000,00000000,) ret=7fdc3722fdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000535a0 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 001b:Ret ntdll.NtReadFile() retval=00000000 ret=7fdc3722fdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00022540,) ret=7f9c24de23ab | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37238de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000535d0 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000223f0,) ret=7f9c24de7804 | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7804 | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00024fe0 ret=7fdc37238de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de781b | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de781b | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc3722725e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053600 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00022500,) ret=7f9c24de783a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de783a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3722725e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00022850,) ret=7fdc372271a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053630 ret=7f1c82787ccc | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372271a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00022890,) ret=7fdc372282bc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053670 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372282bc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,000227c0,) ret=7fdc37238e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000536a0 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 001b:Ret rpcrt4.NdrSendReceive() retval=00000000 ret=7fdc3771f70f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000536d0 ret=7f1c8278790a | |
| 001b:Call rpcrt4.NdrClientContextUnmarshall(0023f2f0,0023f6e0,00024b60,) ret=7fdc3771f756 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7fdc371fbe46 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053700 ret=7f1c82787ccc | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00022850 ret=7fdc371fbe46 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7fdc3721f121 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053740 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=00025010 ret=7fdc3721f121 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053770 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=000227c0 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000537a0 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=000250a0 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000537d0 ret=7f1c82787ccc | |
| 001b:Ret ntdll.RtlAllocateHeap() retval=000250d0 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 001b:Ret rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7fdc3771f756 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053810 ret=7f1c8278790a | |
| 001b:Call rpcrt4.NdrFreeBuffer(0023f2f0,) ret=7fdc3771bc64 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00024fe0,) ret=7fdc37238e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053840 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 001b:Ret rpcrt4.NdrFreeBuffer() retval=00000000 ret=7fdc3771bc64 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053870 ret=7f1c8278790a | |
| 001b:Call rpcrt4.RpcBindingFree(0023f090,) ret=7fdc37712bfd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00024c50,) ret=7fdc3721fc15 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000538a0 ret=7f1c82787ccc | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3721fc15 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f1c8278790a | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00024c20,) ret=7fdc3721fc2d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000538e0 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3721fc2d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00024bf0,) ret=7fdc3721fc45 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053910 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3721fc45 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc3721fc5d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053940 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3721fc5d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc3721fc75 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053970 ret=7f1c82787ccc | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3721fc75 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 001b:Call ntdll.RtlFreeHeap(00010000,00000000,00024b60,) ret=7fdc3721fcb0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000539b0 ret=7f1c8278790a | |
| 001b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3721fcb0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001b:Ret rpcrt4.RpcBindingFree() retval=00000000 ret=7fdc37712bfd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000539e0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053a10 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.WaitForMultipleObjects() retval=00000000 ret=7f9c25144d42 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25144aa0 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000236b0 ret=7f9c25144aa0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053a40 ret=7f1c82787ccc | |
| 001f:Call PE DLL (proc=0x7fdc3723bc70,module=0x7fdc371f0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000042,) ret=7f9c2513e9bc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001b,) ret=7f1c8278790a | |
| 001f:Ret PE DLL (proc=0x7fdc3723bc70,module=0x7fdc371f0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000223f0 ret=7f9c2513e9bc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053a80 ret=7f1c8278790a | |
| 001f:Starting thread proc 0x7fdc37713d80 (arg=0x22790) | |
| 000f:Call KERNEL32.WriteFile(00000098,000223f0,00000042,0023f6fc,0023f700,) ret=7f9c2513ea71 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053ab0 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.WriteFile() retval=00000001 ret=7f9c2513ea71 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrClientInitializeNew(0033f690,0033f7d0,7fdc37946c00,00000010,) ret=7fdc3771f970 | |
| 000f:Call KERNEL32.ReadFile(00000098,0023f794,00000004,0023f6fc,0023f700,) ret=7f9c2513ec37 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053ae0 ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrClientInitializeNew() retval=00000000 ret=7fdc3771f970 | |
| 000f:Ret KERNEL32.ReadFile() retval=00000000 ret=7f9c2513ec37 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Call rpcrt4.NDRCContextBinding(00022850,) ret=7fdc3771f981 | |
| 000f:Call KERNEL32.WaitForSingleObject(00000094,00002710,) ret=7f9c2513ed22 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053b10 ret=7f1c82787ccc | |
| 001f:Ret rpcrt4.NDRCContextBinding() retval=00025010 ret=7fdc3771f981 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001d,) ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrConformantStringBufferSize(0033f7d0,00024ba0,7fdc37731f82,) ret=7fdc3771f9a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053b50 ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrConformantStringBufferSize() retval=00000044 ret=7fdc3771f9a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrGetBuffer(0033f7d0,00000044,00025010,) ret=7fdc3771f9bd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053b80 ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000044,) ret=7fdc37238de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00024bf0 ret=7fdc37238de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053bb0 ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrGetBuffer() retval=00024bf0 ret=7fdc3771f9bd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Call rpcrt4.NdrClientContextMarshall(0033f7d0,00022850,00000000,) ret=7fdc3771f9cb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053be0 ret=7f1c82787ccc | |
| 001f:Ret rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7fdc3771f9cb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrConformantStringMarshall(0033f7d0,00024ba0,7fdc37731f82,) ret=7fdc3771f9dd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053c20 ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrConformantStringMarshall() retval=00000000 ret=7fdc3771f9dd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrSendReceive(0033f7d0,00024c2c,) ret=7fdc3771fa43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053c50 ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7fdc37227efe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00024fe0 ret=7fdc37227efe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053c80 ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000058,) ret=7fdc37237082 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00025100 ret=7fdc37237082 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053cb0 ret=7f1c82787ccc | |
| 001f:Call KERNEL32.InitializeCriticalSection(00025110,) ret=7fdc3723709b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f1c8278790a | |
| 001f:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fdc3723709b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053cf0 ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000054,) ret=7fdc37225cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00025170 ret=7fdc37225cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053d20 ret=7f1c8278790a | |
| 001f:Call ntdll.NtWriteFile(00000004,00000010,00000000,00000000,0033f1b0,00025170,00000054,00000000,00000000,) ret=7fdc3722fc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053d50 ret=7f1c8278790a | |
| 001f:Ret ntdll.NtWriteFile() retval=00000000 ret=7fdc3722fc6c | |
| 001c:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c24dece5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00025170,) ret=7fdc37225d43 | |
| 001c:Call KERNEL32.CloseHandle(000000b4,) ret=7f9c24decd8a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053d80 ret=7f1c82787ccc | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37225d43 | |
| 001c:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c24decd8a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00024fe0,) ret=7fdc37227fa1 | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de3f74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053dc0 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37227fa1 | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022500 ret=7f9c24de3f74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,0033f1f0,00000010,00000000,00000000,) ret=7fdc3722fdec | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,00022510,00000008,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053df0 ret=7f1c8278790a | |
| 001f:Ret ntdll.NtReadFile() retval=00000103 ret=7fdc3722fdec | |
| 001c:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Call KERNEL32.WaitForSingleObject(00000010,ffffffff,) ret=7fdc3722fe5b | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003c,) ret=7f9c24de4006 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053e20 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022530 ret=7f9c24de4006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,00022530,0000003c,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053e50 ret=7f1c82787ccc | |
| 001c:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003c,) ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053e90 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023260 ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlFreeHeap(00010000,00000000,00022530,) ret=7f9c24de41a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053ec0 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f9c24de7442 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053ef0 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023540 ret=7f9c24de7442 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Call KERNEL32.QueueUserWorkItem(7f9c24de7730,00023540,00000010,) ret=7f9c24de748c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053f20 ret=7f1c82787ccc | |
| 001c:Ret KERNEL32.QueueUserWorkItem() retval=00000001 ret=7f9c24de748c | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,00000058,) ret=7f9c24df4082 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=000232b0 ret=7f9c24df4082 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053f60 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=000237f0 ret=7f9c24de73b1 | |
| 001e:Call KERNEL32.InitializeCriticalSection(000232c0,) ret=7f9c24df409b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,0045fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 001e:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f9c24df409b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053f90 ret=7f1c8278790a | |
| 001c:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 001e:Call rpcrt4.NdrServerInitializeNew(00023470,0067f630,7f9c2535dc80,) ret=7f9c2514e988 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call KERNEL32.WaitForSingleObject(000000a4,ffffffff,) ret=7f9c24dece5b | |
| 001e:Ret rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7f9c2514e988 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053fc0 ret=7f1c8278790a | |
| 001e:Call rpcrt4.NdrServerContextNewUnmarshall(0067f630,7f9c2515777c,) ret=7f9c2514ea6f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Call ntdll.RtlAcquireResourceExclusive(000235f8,00000001,) ret=7f9c24dd8a24 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00053ff0 ret=7f1c82787ccc | |
| 001e:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd8a24 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000011,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054030 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00023850 ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Ret rpcrt4.NdrServerContextNewUnmarshall() retval=000235c0 ret=7f9c2514ea6f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054060 ret=7f1c8278790a | |
| 001e:Call rpcrt4.NdrConformantStringUnmarshall(0067f630,0067f7d0,7f9c25157782,00000000,) ret=7f9c2514ea90 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Ret rpcrt4.NdrConformantStringUnmarshall() retval=00000000 ret=7f9c2514ea90 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054090 ret=7f1c8278790a | |
| 001e:Call rpcrt4.NdrContextHandleInitialize(0067f630,7f9c25157784,) ret=7f9c2514eaf8 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,000000a0,) ret=7f9c24dd88b0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000540c0 ret=7f1c82787ccc | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00023880 ret=7f9c24dd88b0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlInitializeResource(000238b8,) ret=7f9c24dd88d5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054100 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlInitializeResource() retval=00000000 ret=7f9c24dd88d5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAcquireResourceExclusive(000238b8,00000001,) ret=7f9c24dd88f0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054130 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd88f0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054160 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00023970 ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Ret rpcrt4.NdrContextHandleInitialize() retval=00023880 ret=7f9c2514eaf8 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054190 ret=7f1c82787ccc | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c2513bebc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000035,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=000239a0 ret=7f9c2513bebc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000541d0 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlMapGenericMask(000239a4,7f9c25156850,) ret=7f9c2513bef5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlMapGenericMask() retval=00008000 ret=7f9c2513bef5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054220 ret=7f1c8278790a | |
| 001e:Call rpcrt4.I_RpcGetBuffer(00023470,) ret=7f9c2514eb4b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054250 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00023a50 ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Ret rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7f9c2514eb4b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054280 ret=7f1c82787ccc | |
| 001e:Call rpcrt4.NdrServerContextNewMarshall(0067f630,00023880,7f9c25142690,7f9c25157784,) ret=7f9c2514eb82 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 001e:Call advapi32.SystemFunction036(000238a8,00000010,) ret=7f9c24df4adb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000542c0 ret=7f1c8278790a | |
| 001e:Ret advapi32.SystemFunction036() retval=00000001 ret=7f9c24df4adb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023970,) ret=7f9c24df6f0b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000542f0 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f0b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlReleaseResource(000238b8,) ret=7f9c24dd8d4a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054320 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Ret rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7f9c2514eb82 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054350 ret=7f1c82787ccc | |
| 001e:Call rpcrt4.NdrPointerFree(0067f630,00023280,7f9c25157780,) ret=7f9c2514ec06 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 001e:Ret rpcrt4.NdrPointerFree() retval=00000000 ret=7f9c2514ec06 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054390 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023850,) ret=7f9c24df6f92 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f92 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000543c0 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlReleaseResource(000235f8,) ret=7f9c24dd8d4a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000543f0 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f9c24de1e37 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00023850 ret=7f9c24de1e37 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054420 ret=7f1c82787ccc | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,00000030,) ret=7f9c24de2cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00023a80 ret=7f9c24de2cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054460 ret=7f1c8278790a | |
| 001e:Call ntdll.NtWriteFile(00000070,000000bc,00000000,00000000,0067f7b0,00023a80,00000030,00000000,00000000,) ret=7f9c24decc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054490 ret=7f1c8278790a | |
| 001f:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7fdc3722fe5b | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023a80,) ret=7f9c24de2d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37226f74 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000544c0 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00024fe0 ret=7fdc37226f74 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023850,) ret=7f9c24de23ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,00024ff0,00000008,00000000,00000000,) ret=7fdc3722fdec | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000544f0 ret=7f1c82787ccc | |
| 001f:Ret ntdll.NtReadFile() retval=80000005 ret=7fdc3722fdec | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023260,) ret=7f9c24df5e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000039,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37227006 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054530 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00025170 ret=7fdc37227006 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023a50,) ret=7f9c24df5e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001f:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,00025170,00000018,00000000,00000000,) ret=7fdc3722fdec | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054580 ret=7f1c8278790a | |
| 001f:Ret ntdll.NtReadFile() retval=00000000 ret=7fdc3722fdec | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00022500,) ret=7f9c24de23ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37238de6 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000545b0 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000251a0 ret=7fdc37238de6 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023470,) ret=7f9c24de7804 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc3722725e | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7804 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000545e0 ret=7f1c82787ccc | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3722725e | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de781b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00025170,) ret=7fdc372271a4 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de781b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054620 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372271a4 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023540,) ret=7f9c24de783a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00024fe0,) ret=7fdc372282bc | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de783a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054650 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372282bc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00024bf0,) ret=7fdc37238e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054680 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Ret rpcrt4.NdrSendReceive() retval=00000000 ret=7fdc3771fa43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000546b0 ret=7f1c82787ccc | |
| 001f:Call rpcrt4.NdrClientContextUnmarshall(0033f7d0,0033fbb0,00025010,) ret=7fdc3771fa89 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7fdc371fbe46 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000546f0 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00024bf0 ret=7fdc371fbe46 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7fdc3721f121 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054720 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000251d0 ret=7fdc3721f121 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054750 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00024fe0 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054780 ret=7f1c82787ccc | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00025170 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000547c0 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00024c40 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7fdc3771fa89 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054810 ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrFreeBuffer(0033f7d0,) ret=7fdc3771faec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000251a0,) ret=7fdc37238e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054840 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Ret rpcrt4.NdrFreeBuffer() retval=00000000 ret=7fdc3771faec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054870 ret=7f1c82787ccc | |
| 001f:Call rpcrt4.NdrClientInitializeNew(0033f690,0033f7d0,7fdc37946c00,00000010,) ret=7fdc3771f970 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000031,) ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrClientInitializeNew() retval=00000000 ret=7fdc3771f970 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000548b0 ret=7f1c8278790a | |
| 001f:Call rpcrt4.NDRCContextBinding(00022850,) ret=7fdc3771f981 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NDRCContextBinding() retval=00025010 ret=7fdc3771f981 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054900 ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrConformantStringBufferSize(0033f7d0,00024ba0,7fdc37731f82,) ret=7fdc3771f9a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrConformantStringBufferSize() retval=00000044 ret=7fdc3771f9a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054930 ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrGetBuffer(0033f7d0,00000044,00025010,) ret=7fdc3771f9bd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000044,) ret=7fdc37238de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054960 ret=7f1c82787ccc | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00025260 ret=7fdc37238de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrGetBuffer() retval=00025260 ret=7fdc3771f9bd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000549a0 ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrClientContextMarshall(0033f7d0,00022850,00000000,) ret=7fdc3771f9cb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7fdc3771f9cb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000549d0 ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrConformantStringMarshall(0033f7d0,00024ba0,7fdc37731f82,) ret=7fdc3771f9dd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrConformantStringMarshall() retval=00000000 ret=7fdc3771f9dd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054a00 ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrSendReceive(0033f7d0,0002529c,) ret=7fdc3771fa43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7fdc37227efe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054a30 ret=7f1c82787ccc | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000251a0 ret=7fdc37227efe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000054,) ret=7fdc37225cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054a70 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000252c0 ret=7fdc37225cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Call ntdll.NtWriteFile(00000004,00000010,00000000,00000000,0033f1b0,000252c0,00000054,00000000,00000000,) ret=7fdc3722fc6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054aa0 ret=7f1c8278790a | |
| 001f:Ret ntdll.NtWriteFile() retval=00000000 ret=7fdc3722fc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c24dece5b | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000252c0,) ret=7fdc37225d43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054ad0 ret=7f1c8278790a | |
| 001c:Call KERNEL32.CloseHandle(000000bc,) ret=7f9c24decd8a | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37225d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c24decd8a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000251a0,) ret=7fdc37227fa1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054b00 ret=7f1c82787ccc | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de3f74 | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37227fa1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001f,) ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023850 ret=7f9c24de3f74 | |
| 001f:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,0033f1f0,00000010,00000000,00000000,) ret=7fdc3722fdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054b40 ret=7f1c8278790a | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,00023860,00000008,00000000,00000000,) ret=7f9c24decdec | |
| 001f:Ret ntdll.NtReadFile() retval=00000103 ret=7fdc3722fdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001c:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 001f:Call KERNEL32.WaitForSingleObject(00000010,ffffffff,) ret=7fdc3722fe5b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054b70 ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003c,) ret=7f9c24de4006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023260 ret=7f9c24de4006 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054ba0 ret=7f1c8278790a | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,00023260,0000003c,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054bd0 ret=7f1c82787ccc | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003c,) ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023470 ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054c10 ret=7f1c8278790a | |
| 001c:Call ntdll.RtlFreeHeap(00010000,00000000,00023260,) ret=7f9c24de41a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054c40 ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f9c24de7442 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023540 ret=7f9c24de7442 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054c70 ret=7f1c8278790a | |
| 001c:Call KERNEL32.QueueUserWorkItem(7f9c24de7730,00023540,00000010,) ret=7f9c24de748c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Ret KERNEL32.QueueUserWorkItem() retval=00000001 ret=7f9c24de748c | |
| 001d:Call rpcrt4.NdrServerInitializeNew(000237f0,0056f630,7f9c2535dc80,) ret=7f9c2514e988 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054ca0 ret=7f1c82787ccc | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 001d:Ret rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7f9c2514e988 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000031,) ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022500 ret=7f9c24de73b1 | |
| 001d:Call rpcrt4.NdrServerContextNewUnmarshall(0056f630,7f9c2515777c,) ret=7f9c2514ea6f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054ce0 ret=7f1c8278790a | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,0045fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 001d:Call ntdll.RtlAcquireResourceExclusive(000235f8,00000001,) ret=7f9c24dd8a24 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001c:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 001d:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd8a24 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054d30 ret=7f1c8278790a | |
| 001c:Call KERNEL32.WaitForSingleObject(000000a4,ffffffff,) ret=7f9c24dece5b | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00023260 ret=7f9c24df6e5c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054d60 ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrServerContextNewUnmarshall() retval=000235c0 ret=7f9c2514ea6f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call rpcrt4.NdrConformantStringUnmarshall(0056f630,0056f7d0,7f9c25157782,00000000,) ret=7f9c2514ea90 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054d90 ret=7f1c82787ccc | |
| 001d:Ret rpcrt4.NdrConformantStringUnmarshall() retval=00000000 ret=7f9c2514ea90 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 001d:Call rpcrt4.NdrContextHandleInitialize(0056f630,7f9c25157784,) ret=7f9c2514eaf8 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054dd0 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,000000a0,) ret=7f9c24dd88b0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00023a50 ret=7f9c24dd88b0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054e00 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlInitializeResource(00023a88,) ret=7f9c24dd88d5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlInitializeResource() retval=00000000 ret=7f9c24dd88d5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054e30 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAcquireResourceExclusive(00023a88,00000001,) ret=7f9c24dd88f0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd88f0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054e60 ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00023b40 ret=7f9c24df6e5c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054ea0 ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrContextHandleInitialize() retval=00023a50 ret=7f9c2514eaf8 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c2513bebc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054ed0 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00023b70 ret=7f9c2513bebc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlMapGenericMask(00023b74,7f9c25156850,) ret=7f9c2513bef5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054f00 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlMapGenericMask() retval=0002008f ret=7f9c2513bef5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call rpcrt4.I_RpcGetBuffer(000237f0,) ret=7f9c2514eb4b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054f30 ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00023ba0 ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054f70 ret=7f1c8278790a | |
| 001d:Ret rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7f9c2514eb4b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 001d:Call rpcrt4.NdrServerContextNewMarshall(0056f630,00023a50,7f9c25142690,7f9c25157784,) ret=7f9c2514eb82 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054fa0 ret=7f1c8278790a | |
| 001d:Call advapi32.SystemFunction036(00023a78,00000010,) ret=7f9c24df4adb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 001d:Ret advapi32.SystemFunction036() retval=00000001 ret=7f9c24df4adb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00054fd0 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023b40,) ret=7f9c24df6f0b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f0b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055000 ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlReleaseResource(00023a88,) ret=7f9c24dd8d4a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055040 ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7f9c2514eb82 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 001d:Call rpcrt4.NdrPointerFree(0056f630,00023490,7f9c25157780,) ret=7f9c2514ec06 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055070 ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrPointerFree() retval=00000000 ret=7f9c2514ec06 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023260,) ret=7f9c24df6f92 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000550a0 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f92 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlReleaseResource(000235f8,) ret=7f9c24dd8d4a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000550d0 ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001b,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055110 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f9c24de1e37 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00023b40 ret=7f9c24de1e37 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055140 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,00000030,) ret=7f9c24de2cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00023260 ret=7f9c24de2cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055170 ret=7f1c8278790a | |
| 001d:Call ntdll.NtWriteFile(00000070,000000c4,00000000,00000000,0056f7b0,00023260,00000030,00000000,00000000,) ret=7f9c24decc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000551a0 ret=7f1c82787ccc | |
| 001f:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7fdc3722fe5b | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023260,) ret=7f9c24de2d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37226f74 | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000551e0 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000251a0 ret=7fdc37226f74 | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023b40,) ret=7f9c24de23ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 001f:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,000251b0,00000008,00000000,00000000,) ret=7fdc3722fdec | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055210 ret=7f1c8278790a | |
| 001f:Ret ntdll.NtReadFile() retval=80000005 ret=7fdc3722fdec | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023470,) ret=7f9c24df5e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37227006 | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055240 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000252c0 ret=7fdc37227006 | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023ba0,) ret=7f9c24df5e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,000252c0,00000018,00000000,00000000,) ret=7fdc3722fdec | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055270 ret=7f1c82787ccc | |
| 001f:Ret ntdll.NtReadFile() retval=00000000 ret=7fdc3722fdec | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023850,) ret=7f9c24de23ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37238de6 | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000552b0 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000252f0 ret=7fdc37238de6 | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000237f0,) ret=7f9c24de7804 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc3722725e | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7804 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000552e0 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3722725e | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de781b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000252c0,) ret=7fdc372271a4 | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de781b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055310 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372271a4 | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023540,) ret=7f9c24de783a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000251a0,) ret=7fdc372282bc | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de783a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055340 ret=7f1c82787ccc | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372282bc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000048,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00025260,) ret=7fdc37238e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055380 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrSendReceive() retval=00000000 ret=7fdc3771fa43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000553e0 ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrClientContextUnmarshall(0033f7d0,0033fbb0,00025010,) ret=7fdc3771fa89 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7fdc371fbe46 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055410 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00025260 ret=7fdc371fbe46 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7fdc3721f121 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055440 ret=7f1c82787ccc | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00025320 ret=7fdc3721f121 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055480 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000251a0 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000554b0 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000252b0 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000554e0 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000253b0 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Ret rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7fdc3771fa89 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055510 ret=7f1c82787ccc | |
| 001f:Call rpcrt4.NdrFreeBuffer(0033f7d0,) ret=7fdc3771faec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000252f0,) ret=7fdc37238e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055550 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrFreeBuffer() retval=00000000 ret=7fdc3771faec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055580 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000555b0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Call PE DLL (proc=0x7fdc3723bc70,module=0x7fdc371f0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000555e0 ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c2513ed22 | |
| 0020:Ret PE DLL (proc=0x7fdc3723bc70,module=0x7fdc371f0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.GetOverlappedResult(00000098,0023f700,0023f6fc,00000000,) ret=7f9c2513eca3 | |
| 0020:Starting thread proc 0x7fdc37711f20 (arg=0x22720) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055620 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.GetOverlappedResult() retval=00000001 ret=7f9c2513eca3 | |
| 0020:Call KERNEL32.CreateThreadpoolCleanupGroup() ret=7fdc37a5fe58 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000223f0,) ret=7f9c2513eae3 | |
| 0020:Ret KERNEL32.CreateThreadpoolCleanupGroup() retval=00025410 ret=7fdc37a5fe58 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055650 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2513eae3 | |
| 0020:Call advapi32.OpenSCManagerW(00000000,00000000,00000001,) ret=7fdc37a5fe77 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000236b0,) ret=7f9c25144bbf | |
| 0020:Call rpcrt4.NdrClientInitializeNew(0044f530,0044f670,7fdc37946c00,0000000f,) ret=7fdc3771f62f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055680 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25144bbf | |
| 0020:Ret rpcrt4.NdrClientInitializeNew() retval=00000000 ret=7fdc3771f62f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call KERNEL32.WaitForMultipleObjects(00000002,0023f7c0,00000000,00002710,) ret=7f9c25144c81 | |
| 0020:Call rpcrt4.RpcStringBindingComposeW(00000000,0044f3e0 L"ncacn_np",00000000,0044f400 L"\\pipe\\svcctl",00000000,0044f3d0,) ret=7fdc37711ccd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000556b0 ret=7f1c82787ccc | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000058,) ret=7fdc3721d6d4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000021,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=000254a0 ret=7fdc3721d6d4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000556f0 ret=7f1c8278790a | |
| 0020:Ret rpcrt4.RpcStringBindingComposeW() retval=00000000 ret=7fdc37711ccd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0020:Call rpcrt4.RpcBindingFromStringBindingW(000254a0 L"ncacn_np:[\\\\pipe\\\\svcctl]",0044f3d8,) ret=7fdc37711d43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055730 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7fdc3721c332 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00025510 ret=7fdc3721c332 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055760 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000002,) ret=7fdc3721c332 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00025540 ret=7fdc3721c332 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055790 ret=7f1c82787ccc | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001e,) ret=7fdc3721c332 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00025570 ret=7fdc3721c332 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000557d0 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7fdc3721c268 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=000255a0 ret=7fdc3721c268 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055800 ret=7f1c8278790a | |
| 0020:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00025510 L"ncacn_np",ffffffff,00000000,00000000,00000000,00000000,) ret=7fdc3721c4ea | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0020:Ret KERNEL32.WideCharToMultiByte() retval=00000009 ret=7fdc3721c4ea | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055830 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7fdc3721c508 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00025630 ret=7fdc3721c508 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055860 ret=7f1c82787ccc | |
| 0020:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00025510 L"ncacn_np",ffffffff,00025630,00000009,00000000,00000000,) ret=7fdc3721c52c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f1c8278790a | |
| 0020:Ret KERNEL32.WideCharToMultiByte() retval=00000009 ret=7fdc3721c52c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000558a0 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc37220629 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37220629 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000558d0 ret=7f1c8278790a | |
| 0020:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00025540 L"",ffffffff,00000000,00000000,00000000,00000000,) ret=7fdc3721c4ea | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0020:Ret KERNEL32.WideCharToMultiByte() retval=00000001 ret=7fdc3721c4ea | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055900 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7fdc3721c508 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00025660 ret=7fdc3721c508 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055930 ret=7f1c82787ccc | |
| 0020:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00025540 L"",ffffffff,00025660,00000001,00000000,00000000,) ret=7fdc3721c52c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 0020:Ret KERNEL32.WideCharToMultiByte() retval=00000001 ret=7fdc3721c52c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055970 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc37220659 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37220659 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000559a0 ret=7f1c8278790a | |
| 0020:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00025570 L"\\pipe\\svcctl",ffffffff,00000000,00000000,00000000,00000000,) ret=7fdc3721c4ea | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Ret KERNEL32.WideCharToMultiByte() retval=0000000d ret=7fdc3721c4ea | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000559d0 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7fdc3721c508 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00025690 ret=7fdc3721c508 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055a00 ret=7f1c82787ccc | |
| 0020:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00025570 L"\\pipe\\svcctl",ffffffff,00025690,0000000d,00000000,00000000,) ret=7fdc3721c52c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0020:Ret KERNEL32.WideCharToMultiByte() retval=0000000d ret=7fdc3721c52c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055a40 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc37220689 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37220689 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055a70 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37237336 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055aa0 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00025570,) ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37237336 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055ad0 ret=7f1c82787ccc | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00025540,) ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37237336 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055b10 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00025510,) ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37237336 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055b40 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37237336 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055b70 ret=7f1c8278790a | |
| 0020:Ret rpcrt4.RpcBindingFromStringBindingW() retval=00000000 ret=7fdc37711d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Call rpcrt4.RpcStringFreeW(0044f3d0,) ret=7fdc37711d4d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055ba0 ret=7f1c82787ccc | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,000254a0,) ret=7fdc37237336 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37237336 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055be0 ret=7f1c8278790a | |
| 0020:Ret rpcrt4.RpcStringFreeW() retval=00000000 ret=7fdc37711d4d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Call rpcrt4.NdrPointerBufferSize(0044f670,00000000,7fdc37731f6c,) ret=7fdc3771f65c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055c10 ret=7f1c8278790a | |
| 0020:Ret rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7fdc3771f65c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Call rpcrt4.NdrPointerBufferSize(0044f670,00000000,7fdc37732450,) ret=7fdc3771f66e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055c40 ret=7f1c8278790a | |
| 0020:Ret rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7fdc3771f66e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Call rpcrt4.NdrGetBuffer(0044f670,00000010,000255a0,) ret=7fdc3771f685 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055c70 ret=7f1c82787ccc | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7fdc37238de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=000254a0 ret=7fdc37238de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055cb0 ret=7f1c8278790a | |
| 0020:Ret rpcrt4.NdrGetBuffer() retval=000254a0 ret=7fdc3771f685 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Call rpcrt4.NdrPointerMarshall(0044f670,00000000,7fdc37731f6c,) ret=7fdc3771f697 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055ce0 ret=7f1c8278790a | |
| 0020:Ret rpcrt4.NdrPointerMarshall() retval=00000000 ret=7fdc3771f697 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Call rpcrt4.NdrPointerMarshall(0044f670,00000000,7fdc37732450,) ret=7fdc3771f6a9 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055d10 ret=7f1c8278790a | |
| 0020:Ret rpcrt4.NdrPointerMarshall() retval=00000000 ret=7fdc3771f6a9 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Call rpcrt4.NdrSendReceive(0044f670,000254ac,) ret=7fdc3771f70f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055d40 ret=7f1c82787ccc | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7fdc37227efe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=000254d0 ret=7fdc37227efe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055d80 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000008,00000058,) ret=7fdc37237082 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00025500 ret=7fdc37237082 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055dd0 ret=7f1c8278790a | |
| 0020:Call KERNEL32.InitializeCriticalSection(00025510,) ret=7fdc3723709b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0020:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fdc3723709b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055e00 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000008,00000024,) ret=7fdc37225cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00025700 ret=7fdc37225cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055e30 ret=7f1c82787ccc | |
| 0020:Call ntdll.NtWriteFile(00000004,00000010,00000000,00000000,0044f050,00025700,00000024,00000000,00000000,) ret=7fdc3722fc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000026,) ret=7f1c8278790a | |
| 0020:Ret ntdll.NtWriteFile() retval=00000000 ret=7fdc3722fc6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055e70 ret=7f1c8278790a | |
| 001c:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c24dece5b | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00025700,) ret=7fdc37225d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call KERNEL32.CloseHandle(000000c4,) ret=7f9c24decd8a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37225d43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055eb0 ret=7f1c8278790a | |
| 001c:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c24decd8a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,000254d0,) ret=7fdc37227fa1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de3f74 | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37227fa1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055ee0 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=000236b0 ret=7f9c24de3f74 | |
| 0020:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,0044f090,00000010,00000000,00000000,) ret=7fdc3722fdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,000236c0,00000008,00000000,00000000,) ret=7f9c24decdec | |
| 0020:Ret ntdll.NtReadFile() retval=00000103 ret=7fdc3722fdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055f10 ret=7f1c82787ccc | |
| 001c:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 0020:Call KERNEL32.WaitForSingleObject(00000010,ffffffff,) ret=7fdc3722fe5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000026,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f9c24de4006 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055f50 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023970 ret=7f9c24de4006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,00023970,0000000c,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055f90 ret=7f1c8278790a | |
| 001c:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055fc0 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023b40 ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Call ntdll.RtlFreeHeap(00010000,00000000,00023970,) ret=7f9c24de41a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00055ff0 ret=7f1c82787ccc | |
| 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f9c24de7442 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056030 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022100 ret=7f9c24de7442 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001c:Call KERNEL32.QueueUserWorkItem(7f9c24de7730,00022100,00000010,) ret=7f9c24de748c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056060 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001c:Ret KERNEL32.QueueUserWorkItem() retval=00000001 ret=7f9c24de748c | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 001e:Call rpcrt4.NdrServerInitializeNew(00022500,0067f630,7f9c2535dc80,) ret=7f9c2514b688 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056090 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=000223f0 ret=7f9c24de73b1 | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,0045fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 001e:Ret rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7f9c2514b688 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 001e:Call rpcrt4.NdrPointerUnmarshall(0067f630,0067f7c8,7f9c2515776c,00000000,) ret=7f9c2514b77a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000560c0 ret=7f1c82787ccc | |
| 001c:Call KERNEL32.WaitForSingleObject(000000a4,ffffffff,) ret=7f9c24dece5b | |
| 001e:Ret rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7f9c2514b77a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 001e:Call rpcrt4.NdrPointerUnmarshall(0067f630,0067f7d0,7f9c25157c50,00000000,) ret=7f9c2514b793 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056100 ret=7f1c8278790a | |
| 001e:Ret rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7f9c2514b793 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001e:Call rpcrt4.NdrContextHandleInitialize(0067f630,7f9c25157774,) ret=7f9c2514b7fb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056130 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,000000a0,) ret=7f9c24dd88b0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00023ba0 ret=7f9c24dd88b0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056160 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlInitializeResource(00023bd8,) ret=7f9c24dd88d5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Ret ntdll.RtlInitializeResource() retval=00000000 ret=7f9c24dd88d5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056190 ret=7f1c82787ccc | |
| 001e:Call ntdll.RtlAcquireResourceExclusive(00023bd8,00000001,) ret=7f9c24dd88f0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd88f0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000561d0 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00023260 ret=7f9c24df6e5c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056200 ret=7f1c8278790a | |
| 001e:Ret rpcrt4.NdrContextHandleInitialize() retval=00023ba0 ret=7f9c2514b7fb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c2513cd2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056230 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00023470 ret=7f9c2513cd2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Call ntdll.RtlMapGenericMask(00023474,7f9c25156860,) ret=7f9c2513cd68 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056260 ret=7f1c82787ccc | |
| 001e:Ret ntdll.RtlMapGenericMask() retval=00000001 ret=7f9c2513cd68 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000029,) ret=7f1c8278790a | |
| 001e:Call rpcrt4.I_RpcGetBuffer(00022500,) ret=7f9c2514b84a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000562a0 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=000237f0 ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000562e0 ret=7f1c8278790a | |
| 001e:Ret rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7f9c2514b84a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Call rpcrt4.NdrServerContextNewMarshall(0067f630,00023ba0,7f9c25142690,7f9c25157774,) ret=7f9c2514b881 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056310 ret=7f1c8278790a | |
| 001e:Call advapi32.SystemFunction036(00023bc8,00000010,) ret=7f9c24df4adb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Ret advapi32.SystemFunction036() retval=00000001 ret=7f9c24df4adb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056340 ret=7f1c82787ccc | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023260,) ret=7f9c24df6f0b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000047,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f0b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056380 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlReleaseResource(00023bd8,) ret=7f9c24dd8d4a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000563e0 ret=7f1c8278790a | |
| 001e:Ret rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7f9c2514b881 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001e:Call rpcrt4.NdrPointerFree(0067f630,00000000,7f9c2515776c,) ret=7f9c251491a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056410 ret=7f1c8278790a | |
| 001e:Ret rpcrt4.NdrPointerFree() retval=00000000 ret=7f9c251491a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Call rpcrt4.NdrPointerFree(0067f630,00000000,7f9c25157c50,) ret=7f9c251491bc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056440 ret=7f1c82787ccc | |
| 001e:Ret rpcrt4.NdrPointerFree() retval=00000000 ret=7f9c251491bc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f9c24de1e37 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056480 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00023260 ret=7f9c24de1e37 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,00000030,) ret=7f9c24de2cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000564b0 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00023820 ret=7f9c24de2cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Call ntdll.NtWriteFile(00000070,000000cc,00000000,00000000,0067f7b0,00023820,00000030,00000000,00000000,) ret=7f9c24decc6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000564e0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 0020:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7fdc3722fe5b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056510 ret=7f1c82787ccc | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023820,) ret=7f9c24de2d43 | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37226f74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=000254d0 ret=7fdc37226f74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056550 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023260,) ret=7f9c24de23ab | |
| 0020:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,000254e0,00000008,00000000,00000000,) ret=7fdc3722fdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 0020:Ret ntdll.NtReadFile() retval=80000005 ret=7fdc3722fdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056580 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023b40,) ret=7f9c24df5e13 | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37227006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00025700 ret=7fdc37227006 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000565b0 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000237f0,) ret=7f9c24df5e13 | |
| 0020:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,00025700,00000018,00000000,00000000,) ret=7fdc3722fdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 0020:Ret ntdll.NtReadFile() retval=00000000 ret=7fdc3722fdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000565e0 ret=7f1c82787ccc | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000236b0,) ret=7f9c24de23ab | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37238de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00025730 ret=7fdc37238de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056620 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00022500,) ret=7f9c24de7804 | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc3722725e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7804 | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3722725e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056650 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de781b | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00025700,) ret=7fdc372271a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de781b | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372271a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056680 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00022100,) ret=7f9c24de783a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,000254d0,) ret=7fdc372282bc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de783a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372282bc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000566b0 ret=7f1c82787ccc | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,000254a0,) ret=7fdc37238e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000566f0 ret=7f1c8278790a | |
| 0020:Ret rpcrt4.NdrSendReceive() retval=00000000 ret=7fdc3771f70f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Call rpcrt4.NdrClientContextUnmarshall(0044f670,0044fa60,000255a0,) ret=7fdc3771f756 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056720 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7fdc371fbe46 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=000254a0 ret=7fdc371fbe46 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056750 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7fdc3721f121 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00025760 ret=7fdc3721f121 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056780 ret=7f1c82787ccc | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00025700 ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000567c0 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=000257f0 ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000567f0 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00025820 ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056820 ret=7f1c8278790a | |
| 0020:Ret rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7fdc3771f756 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Call rpcrt4.NdrFreeBuffer(0044f670,) ret=7fdc3771bc64 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056850 ret=7f1c82787ccc | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00025730,) ret=7fdc37238e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056890 ret=7f1c8278790a | |
| 0020:Ret rpcrt4.NdrFreeBuffer() retval=00000000 ret=7fdc3771bc64 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0020:Call rpcrt4.RpcBindingFree(0044f410,) ret=7fdc37712bfd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000568c0 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00025690,) ret=7fdc3721fc15 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3721fc15 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000568f0 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00025660,) ret=7fdc3721fc2d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3721fc2d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056920 ret=7f1c82787ccc | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00025630,) ret=7fdc3721fc45 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3721fc45 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056960 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc3721fc5d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3721fc5d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000569a0 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc3721fc75 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3721fc75 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000569d0 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,000255a0,) ret=7fdc3721fcb0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3721fcb0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056a00 ret=7f1c82787ccc | |
| 0020:Ret rpcrt4.RpcBindingFree() retval=00000000 ret=7fdc37712bfd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 0020:Ret advapi32.OpenSCManagerW() retval=000254a0 ret=7fdc37a5fe77 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056a40 ret=7f1c8278790a | |
| 0020:Call advapi32.RegisterServiceCtrlHandlerExW(7fdc37a629a0 L"winedevice",7fdc37a61c60,000252f0,) ret=7fdc37a5fe9d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Ret advapi32.RegisterServiceCtrlHandlerExW() retval=00024bf0 ret=7fdc37a5fe9d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056a70 ret=7f1c8278790a | |
| 0020:Call advapi32.SetServiceStatus(00024bf0,0044fbc0,) ret=7fdc37a5fef3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0020:Call rpcrt4.NdrClientInitializeNew(0044f580,0044f6c0,7fdc37946c00,00000007,) ret=7fdc3771d7aa | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056aa0 ret=7f1c8278790a | |
| 0020:Ret rpcrt4.NdrClientInitializeNew() retval=00000000 ret=7fdc3771d7aa | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Call rpcrt4.NDRCContextBinding(00024bf0,) ret=7fdc3771d7bb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056ad0 ret=7f1c82787ccc | |
| 0020:Ret rpcrt4.NDRCContextBinding() retval=000251d0 ret=7fdc3771d7bb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 0020:Call rpcrt4.NdrGetBuffer(0044f6c0,00000038,000251d0,) ret=7fdc3771d7de | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056b10 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7fdc37238de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=000255a0 ret=7fdc37238de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056b40 ret=7f1c8278790a | |
| 0020:Ret rpcrt4.NdrGetBuffer() retval=000255a0 ret=7fdc3771d7de | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0020:Call rpcrt4.NdrClientContextMarshall(0044f6c0,00024bf0,00000000,) ret=7fdc3771d7ec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056b70 ret=7f1c8278790a | |
| 0020:Ret rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7fdc3771d7ec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Call rpcrt4.NdrSimpleStructMarshall(0044f6c0,0044fbc0,7fdc37731ea4,) ret=7fdc3771d7fe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056ba0 ret=7f1c82787ccc | |
| 0020:Ret rpcrt4.NdrSimpleStructMarshall() retval=00000000 ret=7fdc3771d7fe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 0020:Call rpcrt4.NdrSendReceive(0044f6c0,000255d0,) ret=7fdc3771d80e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056be0 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7fdc37227efe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00025730 ret=7fdc37227efe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056c10 ret=7f1c8278790a | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7fdc37225cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=000255f0 ret=7fdc37225cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056c40 ret=7f1c8278790a | |
| 0020:Call ntdll.NtWriteFile(00000004,00000010,00000000,00000000,0044f0a0,000255f0,00000048,00000000,00000000,) ret=7fdc3722fc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056c70 ret=7f1c82787ccc | |
| 0020:Ret ntdll.NtWriteFile() retval=00000000 ret=7fdc3722fc6c | |
| 001c:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c24dece5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,000255f0,) ret=7fdc37225d43 | |
| 001c:Call KERNEL32.CloseHandle(000000cc,) ret=7f9c24decd8a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056cb0 ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37225d43 | |
| 001c:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c24decd8a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00025730,) ret=7fdc37227fa1 | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de3f74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056ce0 ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37227fa1 | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023970 ret=7f9c24de3f74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0020:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,0044f0e0,00000010,00000000,00000000,) ret=7fdc3722fdec | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,00023980,00000008,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056d10 ret=7f1c8278790a | |
| 0020:Ret ntdll.NtReadFile() retval=00000103 ret=7fdc3722fdec | |
| 001c:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Call KERNEL32.WaitForSingleObject(00000010,ffffffff,) ret=7fdc3722fe5b | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000030,) ret=7f9c24de4006 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056d40 ret=7f1c82787ccc | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023540 ret=7f9c24de4006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003b,) ret=7f1c8278790a | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,00023540,00000030,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056d80 ret=7f1c8278790a | |
| 001c:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000030,) ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056dd0 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022100 ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001c:Call ntdll.RtlFreeHeap(00010000,00000000,00023540,) ret=7f9c24de41a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056e00 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f9c24de7442 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00023540 ret=7f9c24de7442 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056e30 ret=7f1c82787ccc | |
| 001c:Call KERNEL32.QueueUserWorkItem(7f9c24de7730,00023540,00000010,) ret=7f9c24de748c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 001c:Ret KERNEL32.QueueUserWorkItem() retval=00000001 ret=7f9c24de748c | |
| 001c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 001d:Call rpcrt4.NdrServerInitializeNew(000223f0,0056f640,7f9c2535dc80,) ret=7f9c2514afd8 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056e70 ret=7f1c8278790a | |
| 001c:Ret ntdll.RtlAllocateHeap() retval=00022500 ret=7f9c24de73b1 | |
| 001d:Ret rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7f9c2514afd8 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 001c:Call ntdll.NtReadFile(00000070,000000a4,00000000,00000000,00022388,0045fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 001d:Call rpcrt4.NdrServerContextNewUnmarshall(0056f640,7f9c251576a0,) ret=7f9c2514b0b3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056ea0 ret=7f1c8278790a | |
| 001c:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 001d:Call ntdll.RtlAcquireResourceExclusive(000238b8,00000001,) ret=7f9c24dd8a24 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 001c:Call KERNEL32.WaitForSingleObject(000000a4,ffffffff,) ret=7f9c24dece5b | |
| 001d:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd8a24 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056ed0 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056f00 ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00023b40 ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056f40 ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrServerContextNewUnmarshall() retval=00023880 ret=7f9c2514b0b3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056f70 ret=7f1c8278790a | |
| 001d:Call rpcrt4.NdrSimpleStructUnmarshall(0056f640,0056f7e0,7f9c251576a4,00000000,) ret=7f9c2514b0d4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056fa0 ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrSimpleStructUnmarshall() retval=00000000 ret=7f9c2514b0d4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call KERNEL32.SetEvent(0000008c,) ret=7f9c2513df42 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00056fd0 ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.WaitForMultipleObjects() retval=00000000 ret=7f9c25144c81 | |
| 001d:Ret KERNEL32.SetEvent() retval=00000001 ret=7f9c2513df42 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057010 ret=7f1c8278790a | |
| 001d:Call rpcrt4.I_RpcGetBuffer(000223f0,) ret=7f9c2514b13f | |
| 000f:Call KERNEL32.ReleaseMutex(00000090,) ret=7f9c25144c15 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057040 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f9c24df5de6 | |
| 000f:Ret KERNEL32.ReleaseMutex() retval=00000001 ret=7f9c25144c15 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057070 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=000237f0 ret=7f9c24df5de6 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c25144842 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000570a0 ret=7f1c82787ccc | |
| 001d:Ret rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7f9c2514b13f | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25144842 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000011,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000570e0 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023b40,) ret=7f9c24df6f92 | |
| 000f:Call KERNEL32.ResetEvent(00000044,) ret=7f9c2514448f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057110 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f92 | |
| 000f:Ret KERNEL32.ResetEvent() retval=00000001 ret=7f9c2514448f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057140 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlReleaseResource(000238b8,) ret=7f9c24dd8d4a | |
| 000f:Call KERNEL32.WaitForSingleObject(00000090,00007530,) ret=7f9c251444d8 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057170 ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 000f:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c251444d8 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000571b0 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f9c24de1e37 | |
| 000f:Call KERNEL32.ConnectNamedPipe(00000098,0023fb50,) ret=7f9c251449c6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000571e0 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00023b40 ret=7f9c24de1e37 | |
| 000f:Ret KERNEL32.ConnectNamedPipe() retval=00000000 ret=7f9c251449c6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057210 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,0000001c,) ret=7f9c24de2cf1 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f9c25144aa0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057240 ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00023820 ret=7f9c24de2cf1 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00023c50 ret=7f9c25144aa0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057280 ret=7f1c8278790a | |
| 001d:Call ntdll.NtWriteFile(00000070,000000cc,00000000,00000000,0056f7b0,00023820,0000001c,00000000,00000000,) ret=7f9c24decc6c | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000024,) ret=7f9c2513e9bc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000572b0 ret=7f1c8278790a | |
| 001d:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00023c80 ret=7f9c2513e9bc | |
| 0020:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7fdc3722fe5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000572e0 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023820,) ret=7f9c24de2d43 | |
| 000f:Call KERNEL32.WriteFile(00000098,00023c80,00000024,0023faac,0023fab0,) ret=7f9c2513ea71 | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37226f74 | |
| 000f:Ret KERNEL32.WriteFile() retval=00000001 ret=7f9c2513ea71 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00025730 ret=7fdc37226f74 | |
| 000f:Call KERNEL32.ReadFile(00000098,0023fb44,00000004,0023faac,0023fab0,) ret=7f9c2513ec37 | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000042,) ret=7fdc37a61fdf | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057310 ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023b40,) ret=7f9c24de23ab | |
| 0020:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,00025740,00000008,00000000,00000000,) ret=7fdc3722fdec | |
| 000f:Ret KERNEL32.ReadFile() retval=00000000 ret=7f9c2513ec37 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00025660 ret=7fdc37a61fdf | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 0020:Ret ntdll.NtReadFile() retval=80000005 ret=7fdc3722fdec | |
| 000f:Call KERNEL32.WaitForSingleObject(00000094,00002710,) ret=7f9c2513ed22 | |
| 001f:Call advapi32.OpenServiceW(000254a0,00025632 L"MountMgr",00008000,) ret=7fdc37a6202b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057350 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00022100,) ret=7f9c24df5e13 | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7fdc37227006 | |
| 001f:Call rpcrt4.NdrClientInitializeNew(0033f470,0033f5b0,7fdc37946c00,00000010,) ret=7fdc3771f970 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057380 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=000255f0 ret=7fdc37227006 | |
| 001f:Ret rpcrt4.NdrClientInitializeNew() retval=00000000 ret=7fdc3771f970 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000237f0,) ret=7f9c24df5e13 | |
| 0020:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,000255f0,00000004,00000000,00000000,) ret=7fdc3722fdec | |
| 001f:Call rpcrt4.NDRCContextBinding(000254a0,) ret=7fdc3771f981 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000573b0 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 0020:Ret ntdll.NtReadFile() retval=00000000 ret=7fdc3722fdec | |
| 001f:Ret rpcrt4.NDRCContextBinding() retval=00025760 ret=7fdc3771f981 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023970,) ret=7f9c24de23ab | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7fdc37238de6 | |
| 001f:Call rpcrt4.NdrConformantStringBufferSize(0033f5b0,00025632,7fdc37731f82,) ret=7fdc3771f9a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000573e0 ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=00024ba0 ret=7fdc37238de6 | |
| 001f:Ret rpcrt4.NdrConformantStringBufferSize() retval=0000003e ret=7fdc3771f9a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000223f0,) ret=7f9c24de7804 | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc3722725e | |
| 001f:Call rpcrt4.NdrGetBuffer(0033f5b0,0000003e,00025760,) ret=7fdc3771f9bd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057420 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7804 | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3722725e | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003e,) ret=7fdc37238de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de781b | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,000255f0,) ret=7fdc372271a4 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00025850 ret=7fdc37238de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057450 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de781b | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372271a4 | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000118,) ret=7fdc3722e921 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023540,) ret=7f9c24de783a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00025730,) ret=7fdc372282bc | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000258a0 ret=7fdc3722e921 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057480 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de783a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372282bc | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,000255a0,) ret=7fdc37238e13 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00025730 ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000574b0 ret=7f1c82787ccc | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000004a,) ret=7f1c8278790a | |
| 0020:Ret rpcrt4.NdrSendReceive() retval=00000000 ret=7fdc3771d80e | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000255a0 ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000574f0 ret=7f1c8278790a | |
| 0020:Call rpcrt4.NdrFreeBuffer(0044f6c0,) ret=7fdc3771d8a7 | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7fdc37238de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0020:Call ntdll.RtlFreeHeap(00010000,00000000,00024ba0,) ret=7fdc37238e13 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000255d0 ret=7fdc37238de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057550 ret=7f1c8278790a | |
| 0020:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 001f:Call KERNEL32.CreateFileA(000255d0 "\\\\.\\pipe\\svcctl",c0000000,00000000,00000000,00000003,40000000,00000000,) ret=7fdc3722f8cd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001f:Ret KERNEL32.CreateFileA() retval=00000030 ret=7fdc3722f8cd | |
| 0020:Ret rpcrt4.NdrFreeBuffer() retval=00000000 ret=7fdc3771d8a7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057580 ret=7f1c8278790a | |
| 0013:Ret KERNEL32.WaitForMultipleObjectsEx() retval=00000001 ret=7f9c24df2763 | |
| 001f:Call KERNEL32.SetNamedPipeHandleState(00000030,0033ef34,00000000,00000000,) ret=7fdc3722fa4f | |
| 0020:Ret advapi32.SetServiceStatus() retval=00000001 ret=7fdc37a5fef3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0013:Call ntdll.RtlAllocateHeap(00010000,00000008,00000118,) ret=7f9c24deb921 | |
| 001f:Ret KERNEL32.SetNamedPipeHandleState() retval=00000001 ret=7fdc3722fa4f | |
| 0020:Call ntoskrnl.exe.wine_ntoskrnl_main_loop(00000034,) ret=7fdc37a5feff | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000575b0 ret=7f1c82787ccc | |
| 0013:Ret ntdll.RtlAllocateHeap() retval=00023cc0 ret=7f9c24deb921 | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000255d0,) ret=7fdc37238e13 | |
| 0020:Call ntdll.RtlAllocateHeap(00010000,00000000,00001000,) ret=7fdc3748df4c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 0013:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f9c24dd9498 | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 0020:Ret ntdll.RtlAllocateHeap() retval=000259d0 ret=7fdc3748df4c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000575f0 ret=7f1c8278790a | |
| 0013:Ret ntdll.RtlAllocateHeap() retval=000236b0 ret=7f9c24dd9498 | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7fdc37224f0c | |
| 0020:Call KERNEL32.WaitForMultipleObjectsEx(00000002,0044f980,00000000,ffffffff,3000000001,) ret=7fdc3748dfe6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0013:Call KERNEL32.CreateNamedPipeA(00021f10 "\\\\.\\pipe\\svcctl",40000003,00000006,000000ff,000016d0,000016d0,00001388,00000000,) ret=7f9c24decedf | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000255d0 ret=7fdc37224f0c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057620 ret=7f1c8278790a | |
| 0013:Ret KERNEL32.CreateNamedPipeA() retval=000000d0 ret=7f9c24decedf | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7fdc37225cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0013:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24def4ac | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000269e0 ret=7fdc37225cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057650 ret=7f1c8278790a | |
| 0013:Ret ntdll.RtlAllocateHeap() retval=00023970 ret=7f9c24def4ac | |
| 001f:Call ntdll.NtWriteFile(00000030,0000003c,00000000,00000000,0033ee80,000269e0,00000048,00000000,00000000,) ret=7fdc3722fc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057680 ret=7f1c82787ccc | |
| 0013:Call KERNEL32.GetComputerNameA(00023970,0033fc44,) ret=7f9c24def4c5 | |
| 001f:Ret ntdll.NtWriteFile() retval=00000000 ret=7fdc3722fc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000269e0,) ret=7fdc37225d43 | |
| 0013:Ret KERNEL32.GetComputerNameA() retval=00000001 ret=7f9c24def4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000576c0 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37225d43 | |
| 0013:Call KERNEL32.CreateThread(00000000,00000000,7f9c24de7280,00023cc0,00000000,00000000,) ret=7f9c24de79e4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000576f0 ret=7f1c8278790a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000255d0,) ret=7fdc372253ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 0013:Ret KERNEL32.CreateThread() retval=000000d4 ret=7f9c24de79e4 | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372253ab | |
| 0021:Call PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057720 ret=7f1c8278790a | |
| 0013:Call KERNEL32.CloseHandle(000000d4,) ret=7f9c24de79fc | |
| 001f:Call ntdll.NtReadFile(00000030,0000003c,00000000,00000000,00025998,0033eea0,00000010,00000000,00000000,) ret=7fdc3722fdec | |
| 0021:Ret PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0013:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c24de79fc | |
| 001f:Ret ntdll.NtReadFile() retval=00000103 ret=7fdc3722fdec | |
| 0021:Starting thread proc 0x7f9c24de7280 (arg=0x23cc0) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057750 ret=7f1c82787ccc | |
| 0013:Call ntdll.NtFsControlFile(000000d0,00000084,00000000,00000000,00021ea8,00110008,00000000,00000000,00000000,00000000,) ret=7f9c24ded05a | |
| 001f:Call KERNEL32.WaitForSingleObject(0000003c,ffffffff,) ret=7fdc3722fe5b | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 0013:Ret ntdll.NtFsControlFile() retval=00000103 ret=7f9c24ded05a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=000223f0 ret=7f9c24de73b1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057790 ret=7f1c8278790a | |
| 0013:Call ntdll.RtlReAllocateHeap(00010000,00000000,00021c70,00000010,) ret=7f9c24ded0fc | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000008,00000058,) ret=7f9c24df4082 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0013:Ret ntdll.RtlReAllocateHeap() retval=00021c70 ret=7f9c24ded0fc | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023710 ret=7f9c24df4082 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000577c0 ret=7f1c8278790a | |
| 0013:Call KERNEL32.WaitForMultipleObjectsEx(00000002,00021c70,00000000,ffffffff,00000001,) ret=7f9c24df2763 | |
| 0021:Call KERNEL32.InitializeCriticalSection(00023720,) ret=7f9c24df409b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0021:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f9c24df409b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000577f0 ret=7f1c8278790a | |
| 0021:Call ntdll.NtReadFile(000000a0,000000d4,00000000,00000000,00023db8,0078fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0021:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057820 ret=7f1c82787ccc | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f9c24de3f74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023b40 ret=7f9c24de3f74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057860 ret=7f1c8278790a | |
| 0021:Call ntdll.NtReadFile(000000a0,000000d4,00000000,00000000,00023db8,00023b50,0000000c,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0021:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057890 ret=7f1c8278790a | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f9c24de4006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00022100 ret=7f9c24de4006 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000578c0 ret=7f1c8278790a | |
| 0021:Call ntdll.NtReadFile(000000a0,000000d4,00000000,00000000,00023db8,00022100,0000002c,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0021:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000578f0 ret=7f1c82787ccc | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023780 ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057930 ret=7f1c8278790a | |
| 0021:Call ntdll.RtlFreeHeap(00010000,00000000,00022100,) ret=7f9c24de41a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057960 ret=7f1c8278790a | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de6d24 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00022100 ret=7f9c24de6d24 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057990 ret=7f1c8278790a | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7f9c24dd9268 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023df0 ret=7f9c24dd9268 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000579c0 ret=7f1c82787ccc | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f9c24dd9498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057a00 ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=000237c0 ret=7f9c24dd9498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f9c24dd9498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057a30 ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023e80 ret=7f9c24dd9498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f9c24dd9498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057a60 ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023eb0 ret=7f9c24dd9498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000008,00000044,) ret=7f9c24de2061 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057a90 ret=7f1c82787ccc | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023ee0 ret=7f9c24de2061 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0021:Call ntdll.RtlFreeHeap(00010000,00000000,00022100,) ret=7f9c24de6f0a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057ad0 ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de6f0a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000008,00000044,) ret=7f9c24de2cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057b00 ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023f40 ret=7f9c24de2cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0021:Call ntdll.NtWriteFile(000000a0,000000d4,00000000,00000000,0078fb60,00023f40,00000044,00000000,00000000,) ret=7f9c24decc6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057b30 ret=7f1c8278790a | |
| 0021:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 001f:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7fdc3722fe5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0021:Call ntdll.RtlFreeHeap(00010000,00000000,00023f40,) ret=7f9c24de2d43 | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37226f74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057b60 ret=7f1c82787ccc | |
| 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000255d0 ret=7fdc37226f74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0021:Call ntdll.RtlFreeHeap(00010000,00000000,00023ee0,) ret=7f9c24de23ab | |
| 001f:Call ntdll.NtReadFile(00000030,0000003c,00000000,00000000,00025998,000255e0,00000008,00000000,00000000,) ret=7fdc3722fdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057ba0 ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 001f:Ret ntdll.NtReadFile() retval=80000005 ret=7fdc3722fdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0021:Call ntdll.RtlFreeHeap(00010000,00000000,00023780,) ret=7f9c24df5e13 | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7fdc37227006 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057bd0 ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00024ba0 ret=7fdc37227006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0021:Call ntdll.RtlFreeHeap(00010000,00000000,00023b40,) ret=7f9c24de23ab | |
| 001f:Call ntdll.NtReadFile(00000030,0000003c,00000000,00000000,00025998,00024ba0,0000002c,00000000,00000000,) ret=7fdc3722fdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057c00 ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 001f:Ret ntdll.NtReadFile() retval=00000000 ret=7fdc3722fdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0021:Call ntdll.RtlFreeHeap(00010000,00000000,000223f0,) ret=7f9c24de7372 | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7fdc37238de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057c30 ret=7f1c82787ccc | |
| 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7372 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000269e0 ret=7fdc37238de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0021:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de738b | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00024ba0,) ret=7fdc372271a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057c70 ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de738b | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372271a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000269e0,) ret=7fdc37238e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057ca0 ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=000223f0 ret=7f9c24de73b1 | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0021:Call ntdll.NtReadFile(000000a0,000000d4,00000000,00000000,00023db8,0078fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000255d0,) ret=7fdc372253ab | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057cd0 ret=7f1c8278790a | |
| 0021:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372253ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0021:Call KERNEL32.WaitForSingleObject(000000d4,ffffffff,) ret=7f9c24dece5b | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc3721b44a | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3721b44a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057d00 ret=7f1c82787ccc | |
| 001f:Ret rpcrt4.NdrGetBuffer() retval=00025850 ret=7fdc3771f9bd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrClientContextMarshall(0033f5b0,000254a0,00000000,) ret=7fdc3771f9cb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057d40 ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7fdc3771f9cb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrConformantStringMarshall(0033f5b0,00025632,7fdc37731f82,) ret=7fdc3771f9dd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057d70 ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrConformantStringMarshall() retval=00000000 ret=7fdc3771f9dd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrSendReceive(0033f5b0,00025888,) ret=7fdc3771fa43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057da0 ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7fdc37227efe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00024ba0 ret=7fdc37227efe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057dd0 ret=7f1c82787ccc | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7fdc37225cf1 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000255d0 ret=7fdc37225cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000011,) ret=7f1c8278790a | |
| 001f:Call ntdll.NtWriteFile(00000030,0000003c,00000000,00000000,0033ef90,000255d0,00000050,00000000,00000000,) ret=7fdc3722fc6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057e10 ret=7f1c8278790a | |
| 001f:Ret ntdll.NtWriteFile() retval=00000000 ret=7fdc3722fc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0021:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c24dece5b | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000255d0,) ret=7fdc37225d43 | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37225d43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057e40 ret=7f1c8278790a | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de3f74 | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00024ba0,) ret=7fdc37227fa1 | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37227fa1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023b40 ret=7f9c24de3f74 | |
| 001f:Call ntdll.NtReadFile(00000030,0000003c,00000000,00000000,00025998,0033efd0,00000010,00000000,00000000,) ret=7fdc3722fdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057e70 ret=7f1c8278790a | |
| 0021:Call ntdll.NtReadFile(000000a0,000000d4,00000000,00000000,00023db8,00023b50,00000008,00000000,00000000,) ret=7f9c24decdec | |
| 001f:Ret ntdll.NtReadFile() retval=00000103 ret=7fdc3722fdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0021:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 001f:Call KERNEL32.WaitForSingleObject(0000003c,ffffffff,) ret=7fdc3722fe5b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057ea0 ret=7f1c82787ccc | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f9c24de4006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023ee0 ret=7f9c24de4006 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057ee0 ret=7f1c8278790a | |
| 0021:Call ntdll.NtReadFile(000000a0,000000d4,00000000,00000000,00023db8,00023ee0,00000038,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0021:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057f10 ret=7f1c8278790a | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023f30 ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057f40 ret=7f1c8278790a | |
| 0021:Call ntdll.RtlFreeHeap(00010000,00000000,00023ee0,) ret=7f9c24de41a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057f70 ret=7f1c82787ccc | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f9c24de7442 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023780 ret=7f9c24de7442 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057fb0 ret=7f1c8278790a | |
| 0021:Call KERNEL32.QueueUserWorkItem(7f9c24de7730,00023780,00000010,) ret=7f9c24de748c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0021:Ret KERNEL32.QueueUserWorkItem() retval=00000001 ret=7f9c24de748c | |
| 001e:Call rpcrt4.NdrServerInitializeNew(000223f0,0067f630,7f9c2535dc80,) ret=7f9c2514e988 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00057fe0 ret=7f1c8278790a | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 001e:Ret rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7f9c2514e988 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058010 ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00024060 ret=7f9c24de73b1 | |
| 001e:Call rpcrt4.NdrServerContextNewUnmarshall(0067f630,7f9c2515777c,) ret=7f9c2514ea6f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058040 ret=7f1c82787ccc | |
| 0021:Call ntdll.NtReadFile(000000a0,000000d4,00000000,00000000,00023db8,0078fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 001e:Call ntdll.RtlAcquireResourceExclusive(00023bd8,00000001,) ret=7f9c24dd8a24 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058080 ret=7f1c8278790a | |
| 0021:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 001e:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd8a24 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000580b0 ret=7f1c8278790a | |
| 0021:Call KERNEL32.WaitForSingleObject(000000d4,ffffffff,) ret=7f9c24dece5b | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=000240c0 ret=7f9c24df6e5c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000580e0 ret=7f1c8278790a | |
| 001e:Ret rpcrt4.NdrServerContextNewUnmarshall() retval=00023ba0 ret=7f9c2514ea6f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Call rpcrt4.NdrConformantStringUnmarshall(0067f630,0067f7d0,7f9c25157782,00000000,) ret=7f9c2514ea90 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058110 ret=7f1c82787ccc | |
| 001e:Ret rpcrt4.NdrConformantStringUnmarshall() retval=00000000 ret=7f9c2514ea90 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 001e:Call rpcrt4.NdrContextHandleInitialize(0067f630,7f9c25157784,) ret=7f9c2514eaf8 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058150 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,000000a0,) ret=7f9c24dd88b0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=000240f0 ret=7f9c24dd88b0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058180 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlInitializeResource(00024128,) ret=7f9c24dd88d5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlInitializeResource() retval=00000000 ret=7f9c24dd88d5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000581b0 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAcquireResourceExclusive(00024128,00000001,) ret=7f9c24dd88f0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd88f0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000581e0 ret=7f1c82787ccc | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=000241e0 ret=7f9c24df6e5c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058220 ret=7f1c8278790a | |
| 001e:Ret rpcrt4.NdrContextHandleInitialize() retval=000240f0 ret=7f9c2514eaf8 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c2513bebc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058250 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00024210 ret=7f9c2513bebc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlMapGenericMask(00024214,7f9c25156850,) ret=7f9c2513bef5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058280 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlMapGenericMask() retval=00008000 ret=7f9c2513bef5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Call rpcrt4.I_RpcGetBuffer(000223f0,) ret=7f9c2514eb4b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000582b0 ret=7f1c82787ccc | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00024240 ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000582f0 ret=7f1c8278790a | |
| 001e:Ret rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7f9c2514eb4b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Call rpcrt4.NdrServerContextNewMarshall(0067f630,000240f0,7f9c25142690,7f9c25157784,) ret=7f9c2514eb82 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058320 ret=7f1c8278790a | |
| 001e:Call advapi32.SystemFunction036(00024118,00000010,) ret=7f9c24df4adb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Ret advapi32.SystemFunction036() retval=00000001 ret=7f9c24df4adb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058350 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000241e0,) ret=7f9c24df6f0b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f0b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058380 ret=7f1c82787ccc | |
| 001e:Call ntdll.RtlReleaseResource(00024128,) ret=7f9c24dd8d4a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000583c0 ret=7f1c8278790a | |
| 001e:Ret rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7f9c2514eb82 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Call rpcrt4.NdrPointerFree(0067f630,00023f50,7f9c25157780,) ret=7f9c2514ec06 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000583f0 ret=7f1c8278790a | |
| 001e:Ret rpcrt4.NdrPointerFree() retval=00000000 ret=7f9c2514ec06 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000240c0,) ret=7f9c24df6f92 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058420 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f92 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Call ntdll.RtlReleaseResource(00023bd8,) ret=7f9c24dd8d4a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058450 ret=7f1c82787ccc | |
| 001e:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f9c24de1e37 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058490 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=000240c0 ret=7f9c24de1e37 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,00000030,) ret=7f9c24de2cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000584c0 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00024270 ret=7f9c24de2cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 001e:Call ntdll.NtWriteFile(000000a0,000000e0,00000000,00000000,0067f7b0,00024270,00000030,00000000,00000000,) ret=7f9c24decc6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000584f0 ret=7f1c8278790a | |
| 001e:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7fdc3722fe5b | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00024270,) ret=7f9c24de2d43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058520 ret=7f1c82787ccc | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37226f74 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000255d0 ret=7fdc37226f74 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000240c0,) ret=7f9c24de23ab | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058560 ret=7f1c8278790a | |
| 001f:Call ntdll.NtReadFile(00000030,0000003c,00000000,00000000,00025998,000255e0,00000008,00000000,00000000,) ret=7fdc3722fdec | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Ret ntdll.NtReadFile() retval=80000005 ret=7fdc3722fdec | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023f30,) ret=7f9c24df5e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058590 ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37227006 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00024ba0 ret=7fdc37227006 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00024240,) ret=7f9c24df5e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000585c0 ret=7f1c8278790a | |
| 001f:Call ntdll.NtReadFile(00000030,0000003c,00000000,00000000,00025998,00024ba0,00000018,00000000,00000000,) ret=7fdc3722fdec | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Ret ntdll.NtReadFile() retval=00000000 ret=7fdc3722fdec | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023b40,) ret=7f9c24de23ab | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000585f0 ret=7f1c82787ccc | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37238de6 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000269e0 ret=7fdc37238de6 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000223f0,) ret=7f9c24de7804 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058630 ret=7f1c8278790a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc3722725e | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7804 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3722725e | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de781b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058660 ret=7f1c8278790a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00024ba0,) ret=7fdc372271a4 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de781b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372271a4 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023780,) ret=7f9c24de783a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058690 ret=7f1c8278790a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000255d0,) ret=7fdc372282bc | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de783a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372282bc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000586c0 ret=7f1c82787ccc | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00025850,) ret=7fdc37238e13 | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrSendReceive() retval=00000000 ret=7fdc3771fa43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058700 ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrClientContextUnmarshall(0033f5b0,0033f990,00025760,) ret=7fdc3771fa89 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7fdc371fbe46 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00025850 ret=7fdc371fbe46 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058730 ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7fdc3721f121 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00026a10 ret=7fdc3721f121 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058760 ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7fdc3721c498 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00024ba0 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7fdc3721c498 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000255d0 ret=7fdc3721c498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058790 ret=7f1c82787ccc | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7fdc3721c498 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00026aa0 ret=7fdc3721c498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7fdc3771fa89 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000587d0 ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrFreeBuffer(0033f5b0,) ret=7fdc3771faec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000269e0,) ret=7fdc37238e13 | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058800 ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrFreeBuffer() retval=00000000 ret=7fdc3771faec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Ret advapi32.OpenServiceW() retval=00025850 ret=7fdc37a6202b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058830 ret=7f1c8278790a | |
| 001f:Call advapi32.SetServiceStatus(00025850,0033fb00,) ret=7fdc37a6214c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Call rpcrt4.NdrClientInitializeNew(0033f4b0,0033f5f0,7fdc37946c00,00000007,) ret=7fdc3771d7aa | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058860 ret=7f1c82787ccc | |
| 001f:Ret rpcrt4.NdrClientInitializeNew() retval=00000000 ret=7fdc3771d7aa | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 001f:Call rpcrt4.NDRCContextBinding(00025850,) ret=7fdc3771d7bb | |
| 001f:Ret rpcrt4.NDRCContextBinding() retval=00026a10 ret=7fdc3771d7bb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000588a0 ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrGetBuffer(0033f5f0,00000038,00026a10,) ret=7fdc3771d7de | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7fdc37238de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000588d0 ret=7f1c8278790a | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00026ad0 ret=7fdc37238de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Ret rpcrt4.NdrGetBuffer() retval=00026ad0 ret=7fdc3771d7de | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058900 ret=7f1c8278790a | |
| 001f:Call rpcrt4.NdrClientContextMarshall(0033f5f0,00025850,00000000,) ret=7fdc3771d7ec | |
| 001f:Ret rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7fdc3771d7ec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001f:Call rpcrt4.NdrSimpleStructMarshall(0033f5f0,0033fb00,7fdc37731ea4,) ret=7fdc3771d7fe | |
| 001f:Ret rpcrt4.NdrSimpleStructMarshall() retval=00000000 ret=7fdc3771d7fe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058930 ret=7f1c82787ccc | |
| 001f:Call rpcrt4.NdrSendReceive(0033f5f0,00026b00,) ret=7fdc3771d80e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7fdc37227efe | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000269e0 ret=7fdc37227efe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058970 ret=7f1c8278790a | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7fdc37225cf1 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00026b20 ret=7fdc37225cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 001f:Call ntdll.NtWriteFile(00000030,0000003c,00000000,00000000,0033efd0,00026b20,00000048,00000000,00000000,) ret=7fdc3722fc6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000589a0 ret=7f1c8278790a | |
| 001f:Ret ntdll.NtWriteFile() retval=00000000 ret=7fdc3722fc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 0021:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c24dece5b | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00026b20,) ret=7fdc37225d43 | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37225d43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000589d0 ret=7f1c8278790a | |
| 0021:Call KERNEL32.CloseHandle(000000e0,) ret=7f9c24decd8a | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000269e0,) ret=7fdc37227fa1 | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37227fa1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0021:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c24decd8a | |
| 001f:Call ntdll.NtReadFile(00000030,0000003c,00000000,00000000,00025998,0033f010,00000010,00000000,00000000,) ret=7fdc3722fdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058a00 ret=7f1c82787ccc | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de3f74 | |
| 001f:Ret ntdll.NtReadFile() retval=00000103 ret=7fdc3722fdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023b40 ret=7f9c24de3f74 | |
| 001f:Call KERNEL32.WaitForSingleObject(0000003c,ffffffff,) ret=7fdc3722fe5b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058a40 ret=7f1c8278790a | |
| 0021:Call ntdll.NtReadFile(000000a0,000000d4,00000000,00000000,00023db8,00023b50,00000008,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 0021:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058a70 ret=7f1c8278790a | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,00000030,) ret=7f9c24de4006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00022100 ret=7f9c24de4006 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058aa0 ret=7f1c8278790a | |
| 0021:Call ntdll.NtReadFile(000000a0,000000d4,00000000,00000000,00023db8,00022100,00000030,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0021:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058ad0 ret=7f1c82787ccc | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,00000030,) ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023780 ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058b10 ret=7f1c8278790a | |
| 0021:Call ntdll.RtlFreeHeap(00010000,00000000,00022100,) ret=7f9c24de41a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058b40 ret=7f1c8278790a | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f9c24de7442 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00022100 ret=7f9c24de7442 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058b70 ret=7f1c8278790a | |
| 0021:Call KERNEL32.QueueUserWorkItem(7f9c24de7730,00022100,00000010,) ret=7f9c24de748c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0021:Ret KERNEL32.QueueUserWorkItem() retval=00000001 ret=7f9c24de748c | |
| 001d:Call rpcrt4.NdrServerInitializeNew(00024060,0056f640,7f9c2535dc80,) ret=7f9c2514afd8 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058ba0 ret=7f1c82787ccc | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 001d:Ret rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7f9c2514afd8 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7f1c8278790a | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=000223f0 ret=7f9c24de73b1 | |
| 001d:Call rpcrt4.NdrServerContextNewUnmarshall(0056f640,7f9c251576a0,) ret=7f9c2514b0b3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058be0 ret=7f1c8278790a | |
| 0021:Call ntdll.NtReadFile(000000a0,000000d4,00000000,00000000,00023db8,0078fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 001d:Call ntdll.RtlAcquireResourceExclusive(00024128,00000001,) ret=7f9c24dd8a24 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 0021:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 001d:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd8a24 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058c20 ret=7f1c8278790a | |
| 0021:Call KERNEL32.WaitForSingleObject(000000d4,ffffffff,) ret=7f9c24dece5b | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=000241e0 ret=7f9c24df6e5c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058c50 ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrServerContextNewUnmarshall() retval=000240f0 ret=7f9c2514b0b3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call rpcrt4.NdrSimpleStructUnmarshall(0056f640,0056f7e0,7f9c251576a4,00000000,) ret=7f9c2514b0d4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058c80 ret=7f1c82787ccc | |
| 001d:Ret rpcrt4.NdrSimpleStructUnmarshall() retval=00000000 ret=7f9c2514b0d4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f1c8278790a | |
| 001d:Call KERNEL32.SetEvent(00000044,) ret=7f9c2513df42 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058cc0 ret=7f1c8278790a | |
| 001d:Ret KERNEL32.SetEvent() retval=00000001 ret=7f9c2513df42 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call rpcrt4.I_RpcGetBuffer(00024060,) ret=7f9c2514b13f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058cf0 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00024000 ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058d20 ret=7f1c8278790a | |
| 001d:Ret rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7f9c2514b13f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000241e0,) ret=7f9c24df6f92 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058d50 ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f92 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlReleaseResource(00024128,) ret=7f9c24dd8d4a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058d90 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f9c24de1e37 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058dc0 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=000241e0 ret=7f9c24de1e37 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,0000001c,) ret=7f9c24de2cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058df0 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00024240 ret=7f9c24de2cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call ntdll.NtWriteFile(000000a0,000000e0,00000000,00000000,0056f7b0,00024240,0000001c,00000000,00000000,) ret=7f9c24decc6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058e20 ret=7f1c82787ccc | |
| 001d:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 001f:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7fdc3722fe5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00024240,) ret=7f9c24de2d43 | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37226f74 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=000269e0 ret=7fdc37226f74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058e60 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 001f:Call ntdll.NtReadFile(00000030,0000003c,00000000,00000000,00025998,000269f0,00000008,00000000,00000000,) ret=7fdc3722fdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000241e0,) ret=7f9c24de23ab | |
| 001f:Ret ntdll.NtReadFile() retval=80000005 ret=7fdc3722fdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058e90 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7fdc37227006 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00026b20 ret=7fdc37227006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023780,) ret=7f9c24df5e13 | |
| 001f:Call ntdll.NtReadFile(00000030,0000003c,00000000,00000000,00025998,00026b20,00000004,00000000,00000000,) ret=7fdc3722fdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058ec0 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 001f:Ret ntdll.NtReadFile() retval=00000000 ret=7fdc3722fdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00024000,) ret=7f9c24df5e13 | |
| 001f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7fdc37238de6 | |
| 001f:Ret ntdll.RtlAllocateHeap() retval=00026b50 ret=7fdc37238de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058ef0 ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc3722725e | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3722725e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023b40,) ret=7f9c24de23ab | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00026b20,) ret=7fdc372271a4 | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372271a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058f30 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,000269e0,) ret=7fdc372282bc | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372282bc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00024060,) ret=7f9c24de7804 | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00026ad0,) ret=7fdc37238e13 | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058f70 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7804 | |
| 001f:Ret rpcrt4.NdrSendReceive() retval=00000000 ret=7fdc3771d80e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de781b | |
| 001f:Call rpcrt4.NdrFreeBuffer(0033f5f0,) ret=7fdc3771d8a7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058fa0 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de781b | |
| 001f:Call ntdll.RtlFreeHeap(00010000,00000000,00026b50,) ret=7fdc37238e13 | |
| 001f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00022100,) ret=7f9c24de783a | |
| 001f:Ret rpcrt4.NdrFreeBuffer() retval=00000000 ret=7fdc3771d8a7 | |
| 001f:Ret advapi32.SetServiceStatus() retval=00000001 ret=7fdc37a6214c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00058fd0 ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de783a | |
| 001f:Call KERNEL32.TrySubmitThreadpoolCallback(7fdc37a61420,00025660,0033fb00,) ret=7fdc37a62194 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059010 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059040 ret=7f1c8278790a | |
| 001f:Ret KERNEL32.TrySubmitThreadpoolCallback() retval=00000001 ret=7fdc37a62194 | |
| 0022:Call PE DLL (proc=0x7fdc3723bc70,module=0x7fdc371f0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001f:Call ntdll.RtlNtStatusToDosError(00000000,) ret=7fdc37a621a9 | |
| 001f:Ret ntdll.RtlNtStatusToDosError() retval=00000000 ret=7fdc37a621a9 | |
| 0022:Ret PE DLL (proc=0x7fdc3723bc70,module=0x7fdc371f0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059070 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c2513ed22 | |
| 0022:Starting thread proc 0x7bca4360 (arg=0x26bb0) | |
| 0023:Call PE DLL (proc=0x7fdc3723bc70,module=0x7fdc371f0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call KERNEL32.GetOverlappedResult(00000098,0023fab0,0023faac,00000000,) ret=7f9c2513eca3 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7fdc37a614d3 | |
| 0023:Ret PE DLL (proc=0x7fdc3723bc70,module=0x7fdc371f0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000590a0 ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.GetOverlappedResult() retval=00000001 ret=7f9c2513eca3 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00026ca0 ret=7fdc37a614d3 | |
| 0023:Starting thread proc 0x7bca4360 (arg=0x26bb0) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00023c80,) ret=7f9c2513eae3 | |
| 0022:Call ntdll.RtlInitUnicodeString(0055fb40,00026ca0 L"\\Driver\\MountMgr",) ret=7fdc37a61548 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000590e0 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2513eae3 | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000020 ret=7fdc37a61548 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00023c50,) ret=7f9c25144bbf | |
| 0022:Call ntoskrnl.exe.IoCreateDriver(0055fb40,7fdc37a607a0,) ret=7fdc37a61557 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059110 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25144bbf | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748ee11 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.WaitForMultipleObjects(00000002,0023fb70,00000000,00002710,) ret=7f9c25144c81 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00026ce0 ret=7fdc3748ee11 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059140 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.WaitForMultipleObjects() retval=00000000 ret=7f9c25144c81 | |
| 0022:Call ntdll.RtlDuplicateUnicodeString(00000001,0055fb40,00026d38,) ret=7fdc3748ee31 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call KERNEL32.ReleaseMutex(00000090,) ret=7f9c25144c15 | |
| 0022:Ret ntdll.RtlDuplicateUnicodeString() retval=00000000 ret=7fdc3748ee31 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059170 ret=7f1c82787ccc | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,0000007a,) ret=7fdc3748f215 | |
| 000f:Ret KERNEL32.ReleaseMutex() retval=00000001 ret=7f9c25144c15 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00026ed0 ret=7fdc3748f215 | |
| 000f:Call KERNEL32.ExpandEnvironmentStringsW(000207c0 L"C:\\windows\\system32\\plugplay.exe",00000000,00000000,) ret=7f9c25143c61 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000591b0 ret=7f1c8278790a | |
| 0022:Call ntdll.RtlInitUnicodeString(00026e68,00026ed0 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\MountMgr",) ret=7fdc3748f285 | |
| 000f:Ret KERNEL32.ExpandEnvironmentStringsW() retval=00000021 ret=7f9c25143c61 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000078 ret=7fdc3748f285 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000042,) ret=7f9c25143c7e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000591e0 ret=7f1c8278790a | |
| 0022:Call advapi32.RegOpenKeyW(ffffffff80000002,00026ef4 L"System\\CurrentControlSet\\Services\\MountMgr",0055f5f8,) ret=7fdc37a6024c | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00023c50 ret=7f9c25143c7e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0022:Ret advapi32.RegOpenKeyW() retval=00000000 ret=7fdc37a6024c | |
| 000f:Call KERNEL32.ExpandEnvironmentStringsW(000207c0 L"C:\\windows\\system32\\plugplay.exe",00023c50,00000021,) ret=7f9c25143ca1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059210 ret=7f1c8278790a | |
| 0022:Call advapi32.RegQueryValueExW(00000044,7fdc37a628e0 L"ImagePath",00000000,0055f5f0,00000000,0055f5f4,) ret=7fdc37a602ff | |
| 000f:Ret KERNEL32.ExpandEnvironmentStringsW() retval=00000021 ret=7f9c25143ca1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7fdc37a602ff | |
| 000f:Call advapi32.RegQueryValueExW(00000024,00000000,00000000,0023f870,0023f850,0023f848,) ret=7f9c25143d05 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059240 ret=7f1c82787ccc | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000052,) ret=7fdc37a60328 | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25143d05 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00026f60 ret=7fdc37a60328 | |
| 000f:Call advapi32.RegSetValueExW(00000024,00000000,00000000,00000004,7f9c2535f230,00000004,) ret=7f9c25143d3d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059280 ret=7f1c8278790a | |
| 0022:Call advapi32.RegQueryValueExW(00000044,7fdc37a628e0 L"ImagePath",00000000,0055f5f0,00026f60,0055f5f4,) ret=7fdc37a6034d | |
| 000f:Ret advapi32.RegSetValueExW() retval=00000000 ret=7f9c25143d3d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0022:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7fdc37a6034d | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7f9c25143d84 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000592b0 ret=7f1c8278790a | |
| 0022:Call KERNEL32.ExpandEnvironmentStringsW(00026f60 L"C:\\windows\\system32\\drivers\\mountmgr.sys",00000000,00000000,) ret=7fdc37a605e1 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00023ee0 ret=7f9c25143d84 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0022:Ret KERNEL32.ExpandEnvironmentStringsW() retval=00000029 ret=7fdc37a605e1 | |
| 000f:Call KERNEL32.CreateMutexW(00000000,00000001,00000000,) ret=7f9c25143dae | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000592e0 ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000052,) ret=7fdc37a605ff | |
| 000f:Ret KERNEL32.CreateMutexW() retval=000000e4 ret=7f9c25143dae | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059310 ret=7f1c82787ccc | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00026fd0 ret=7fdc37a605ff | |
| 000f:Call KERNEL32.CreateNamedPipeW(7f9c2535f1e0 L"\\\\.\\pipe\\net\\NtControlPipe3",40000003,00000000,00000001,00000100,00000100,00002710,00000000,) ret=7f9c25143e15 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059350 ret=7f1c8278790a | |
| 0022:Call KERNEL32.ExpandEnvironmentStringsW(00026f60 L"C:\\windows\\system32\\drivers\\mountmgr.sys",00026fd0,00000029,) ret=7fdc37a60612 | |
| 000f:Ret KERNEL32.CreateNamedPipeW() retval=000000ec ret=7f9c25143e15 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059380 ret=7f1c8278790a | |
| 0022:Ret KERNEL32.ExpandEnvironmentStringsW() retval=00000029 ret=7fdc37a60612 | |
| 000f:Call KERNEL32.ResetEvent(0000004c,) ret=7f9c25143e85 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000593b0 ret=7f1c8278790a | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00026f60,) ret=7fdc37a60629 | |
| 000f:Ret KERNEL32.ResetEvent() retval=00000001 ret=7f9c25143e85 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000593e0 ret=7f1c82787ccc | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37a60629 | |
| 000f:Call KERNEL32.CreateProcessW(00000000,00023c50 L"C:\\windows\\system32\\plugplay.exe",00000000,00000000,00000000,00000400,00350000,00000000,0023f870,0023f850,) ret=7f9c25143f02 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059420 ret=7f1c8278790a | |
| 0022:Call advapi32.RegCloseKey(00000044,) ret=7fdc37a60555 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059450 ret=7f1c8278790a | |
| 0022:Ret advapi32.RegCloseKey() retval=00000000 ret=7fdc37a60555 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059480 ret=7f1c8278790a | |
| 0022:Call KERNEL32.LoadLibraryW(00026fd0 L"C:\\windows\\system32\\drivers\\mountmgr.sys",) ret=7fdc37a5faef | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000594b0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000594f0 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059520 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059550 ret=7f1c8278790a | |
| 0022:Ret KERNEL32.LoadLibraryW() retval=7fdc36fc0000 ret=7fdc37a5faef | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059580 ret=7f1c82787ccc | |
| 0022:Call ntdll.RtlImageNtHeader(7fdc36fc0000,) ret=7fdc37a5fb0a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000595c0 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlImageNtHeader() retval=7fdc36fc0040 ret=7fdc37a5fb0a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00026fd0,) ret=7fdc37a60588 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000595f0 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37a60588 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 0022:Call ntdll.LdrLockLoaderLock(00000000,00000000,0055f860,) ret=7fdc37a6086a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059620 ret=7f1c8278790a | |
| 0022:Ret ntdll.LdrLockLoaderLock() retval=00000000 ret=7fdc37a6086a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Call ntdll.LdrFindEntryForAddress(7fdc36fc0000,0055f858,) ret=7fdc37a60877 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059650 ret=7f1c82787ccc | |
| 0022:Ret ntdll.LdrFindEntryForAddress() retval=00000000 ret=7fdc37a60877 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059690 ret=7f1c8278790a | |
| 0022:Call ntdll.LdrUnlockLoaderLock(00000000,00000022,) ret=7fdc37a608a0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 0022:Ret ntdll.LdrUnlockLoaderLock() retval=00000000 ret=7fdc37a608a0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000596c0 ret=7f1c8278790a | |
| 0022:Call ntdll.RtlImageNtHeader(7fdc36fc0000,) ret=7fdc37a608b2 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlImageNtHeader() retval=7fdc36fc0040 ret=7fdc37a608b2 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000596f0 ret=7f1c8278790a | |
| 0022:Call driver init 0x7fdc36fd0170 (obj=0x26d00,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\MountMgr") | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059720 ret=7f1c82787ccc | |
| 0022:Call ntdll.RtlInitUnicodeString(0055f630,7fdc36fd19c0 L"\\Device\\MountPointManager",) ret=7fdc36fcfe6b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000032 ret=7fdc36fcfe6b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059760 ret=7f1c8278790a | |
| 0022:Call ntdll.RtlInitUnicodeString(0055f640,7fdc36fd1980 L"\\??\\MountPointManager",) ret=7fdc36fcfe7a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=0000002a ret=7fdc36fcfe7a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059790 ret=7f1c8278790a | |
| 0022:Call ntoskrnl.exe.IoCreateDevice(00026d00,00000000,0055f630,00000000,7fdc00000000,00000000,0055f628,) ret=7fdc36fcfea4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000148,) ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000597c0 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00026f60 ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7fdc36fcfea4 | |
| 0025:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError" | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000597f0 ret=7f1c82787ccc | |
| 0022:Call ntoskrnl.exe.IoCreateSymbolicLink(0055f640,0055f630,) ret=7fdc36fcff5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 0025:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32" | |
| 0022:Call ntdll.NtCreateSymbolicLinkObject(0055f448,000f0001,0055f450,0055f630,) ret=7fdc37490117 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059830 ret=7f1c8278790a | |
| 0022:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 0022:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcff5b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059860 ret=7f1c8278790a | |
| 0022:Call advapi32.RegCreateKeyExW(ffffffff80000002,7fdc36fd1940 L"System\\MountedDevices",00000000,00000000,7fdc00000001,000f003f,00000000,7fdc371d4920,00000000,) ret=7fdc36fcffad | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 0022:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7fdc36fcffad | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059890 ret=7f1c8278790a | |
| 0022:Call ntdll.RtlInitUnicodeString(0055f630,7fdc36fd1900 L"\\Driver\\Harddisk",) ret=7fdc36fcffbc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000020 ret=7fdc36fcffbc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000598c0 ret=7f1c82787ccc | |
| 0022:Call ntoskrnl.exe.IoCreateDriver(0055f630,7fdc36fcea40,) ret=7fdc36fcffcb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748ee11 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059900 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027260 ret=7fdc3748ee11 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlDuplicateUnicodeString(00000001,0055f630,000272b8,) ret=7fdc3748ee31 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059930 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlDuplicateUnicodeString() retval=00000000 ret=7fdc3748ee31 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,0000007a,) ret=7fdc3748f215 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059960 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027410 ret=7fdc3748f215 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Call ntdll.RtlInitUnicodeString(000273e8,00027410 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Harddisk",) ret=7fdc3748f285 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059990 ret=7f1c82787ccc | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000078 ret=7fdc3748f285 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7fdc36fcc433 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000599d0 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027100 ret=7fdc36fcc433 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0022:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0055f210,00000000,00000000,00000000,0055f208,) ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059a00 ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=000274a0 ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059a30 ret=7f1c8278790a | |
| 0022:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003a,) ret=7fdc36fcc5ed | |
| 0025:Call KERNEL32.__wine_kernel_init() ret=7bc63340 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059a60 ret=7f1c82787ccc | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027650 ret=7fdc36fcc5ed | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001d,) ret=7f1c8278790a | |
| 0022:Call ntoskrnl.exe.IoCreateSymbolicLink(0055f220,0055f210,) ret=7fdc36fcc642 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059aa0 ret=7f1c8278790a | |
| 0022:Call ntdll.NtCreateSymbolicLinkObject(0055f038,000f0001,0055f040,0055f210,) ret=7fdc37490117 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059ad0 ret=7f1c8278790a | |
| 0022:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcc642 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000023,) ret=7fdc36fccaac | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059b00 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=000276a0 ret=7fdc36fccaac | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Call advapi32.RegOpenKeyW(ffffffff80000002,7fdc36fd1520 L"Software\\Wine\\Drives",0055f2f0,) ret=7fdc36fceb19 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059b30 ret=7f1c82787ccc | |
| 0022:Ret advapi32.RegOpenKeyW() retval=00000000 ret=7fdc36fceb19 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001d,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059b70 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=000276e0 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,000276e0,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059ba0 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059bd0 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=000276e0 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,000276e0,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059c00 ret=7f1c82787ccc | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000f:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7f9c25143f02 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00023c50,) ret=7f9c25143f1f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059c40 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=000276e0 ret=7fdc36fcd4c5 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143f1f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000f:Call KERNEL32.CloseHandle(000000fc,) ret=7f9c25143f4d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059c70 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027770 ret=7fdc36fcd4c5 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c25143f4d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027770,) ret=7fdc36fcd50d | |
| 000f:Call KERNEL32.ConnectNamedPipe(000000ec,0023fb50,) ret=7f9c251449c6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059ca0 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000f:Ret KERNEL32.ConnectNamedPipe() retval=00000000 ret=7f9c251449c6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Call advapi32.RegQueryValueExW(00000058,0055f2fa L"c:",00000000,0055f2d0,0055f300,0055f2d4,) ret=7fdc36fcebfd | |
| 000f:Call KERNEL32.WaitForMultipleObjects(00000002,0023fb70,00000000,00002710,) ret=7f9c25144d42 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059cd0 ret=7f1c82787ccc | |
| 0022:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7fdc36fcebfd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000026,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7fdc36fcde77 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059d10 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027770 ret=7fdc36fcde77 | |
| 0025:Call PE DLL (proc=0x7bcb99f0,module=0x7bc20000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000040,) ret=7fdc36fcdd8f | |
| 0025:Ret PE DLL (proc=0x7bcb99f0,module=0x7bc20000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059d50 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=000277b0 ret=7fdc36fcdd8f | |
| 0025:Call PE DLL (proc=0x7b4a66f0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000044,) ret=7fdc36fcc433 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059d80 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027800 ret=7fdc36fcc433 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0055f1a0,00000000,00000000,00000000,0055f198,) ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059db0 ret=7f1c82787ccc | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027860 ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059df0 ret=7f1c8278790a | |
| 0025:Ret PE DLL (proc=0x7b4a66f0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 0022:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Call PE DLL (proc=0x7f5c1c487730,module=0x7f5c1c430000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca0c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059e20 ret=7f1c8278790a | |
| 0025:Ret PE DLL (proc=0x7f5c1c487730,module=0x7f5c1c430000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca0c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Starting process L"C:\\windows\\system32\\plugplay.exe" (entryproc=0x7f5c1c7bec10) | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca29 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059e50 ret=7f1c8278790a | |
| 0025:Call advapi32.StartServiceCtrlDispatcherW(7f5c1c9bfd60,) ret=7f5c1c7bec00 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca29 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7fdc36fcc35a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059e80 ret=7f1c82787ccc | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=000269e0 ret=7fdc36fcc35a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,000000da,) ret=7fdc36fcef89 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059ec0 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027a10 ret=7fdc36fcef89 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlInitUnicodeString(00027a38,00027a58 L"\\??\\Volume{00000000-0000-0000-0000-000000000043}",) ret=7fdc36fcefc7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059ef0 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000060 ret=7fdc36fcefc7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Call PE DLL (proc=0x7f5c1c1eec70,module=0x7f5c1c1a0000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=(nil)) | |
| 0022:Call ntoskrnl.exe.IoCreateSymbolicLink(00027a38,000279b8,) ret=7fdc36fcf077 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059f20 ret=7f1c8278790a | |
| 0025:Ret PE DLL (proc=0x7f5c1c1eec70,module=0x7f5c1c1a0000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 0022:Call ntdll.NtCreateSymbolicLinkObject(0055ef28,000f0001,0055ef30,000279b8,) ret=7fdc37490117 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Call rpcrt4.NdrClientInitializeNew(0023f1e0,0023f320,7f5c1c6a5c00,0000000f,) ret=7f5c1c47e62f | |
| 0022:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059f50 ret=7f1c82787ccc | |
| 0025:Ret rpcrt4.NdrClientInitializeNew() retval=00000000 ret=7f5c1c47e62f | |
| 0022:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcf077 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001d,) ret=7f1c8278790a | |
| 0025:Call rpcrt4.RpcStringBindingComposeW(00000000,0023f090 L"ncacn_np",00000000,0023f0b0 L"\\pipe\\svcctl",00000000,0023f080,) ret=7f5c1c470ccd | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000096,) ret=7fdc36fcef89 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059f90 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000058,) ret=7f5c1c1d06d4 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027b00 ret=7fdc36fcef89 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cab0 ret=7f5c1c1d06d4 | |
| 0022:Call ntdll.RtlInitUnicodeString(00027b28,00027b48 L"\\DosDevices\\C:",) ret=7fdc36fcefc7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059fc0 ret=7f1c8278790a | |
| 0025:Ret rpcrt4.RpcStringBindingComposeW() retval=00000000 ret=7f5c1c470ccd | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=0000001c ret=7fdc36fcefc7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Call rpcrt4.RpcBindingFromStringBindingW(0001cab0 L"ncacn_np:[\\\\pipe\\\\svcctl]",0023f088,) ret=7f5c1c470d43 | |
| 0022:Call ntoskrnl.exe.IoCreateSymbolicLink(00027b28,000279b8,) ret=7fdc36fcf077 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00059ff0 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f5c1c1cf332 | |
| 0022:Call ntdll.NtCreateSymbolicLinkObject(0055efd8,000f0001,0055efe0,000279b8,) ret=7fdc37490117 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cb20 ret=7f5c1c1cf332 | |
| 0022:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a020 ret=7f1c82787ccc | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000002,) ret=7f5c1c1cf332 | |
| 0022:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcf077 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001d,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cb50 ret=7f5c1c1cf332 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcfb78 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a060 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001e,) ret=7f5c1c1cf332 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfb78 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cb80 ret=7f5c1c1cf332 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,0000000b,) ret=7fdc36fcfba0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a090 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7f5c1c1cf268 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027bb0 ret=7fdc36fcfba0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001ee50 ret=7f5c1c1cf268 | |
| 0022:Call advapi32.RegSetValueExW(0000004c,00027a58 L"\\??\\Volume{00000000-0000-0000-0000-000000000043}",00000000,00000003,00027bb0,0000000b,) ret=7fdc36fcfbf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a0c0 ret=7f1c8278790a | |
| 0025:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0001cb20 L"ncacn_np",ffffffff,00000000,00000000,00000000,00000000,) ret=7f5c1c1cf4ea | |
| 0022:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcfbf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Ret KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f5c1c1cf4ea | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcfb78 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a0f0 ret=7f1c82787ccc | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f5c1c1cf508 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfb78 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001eee0 ret=7f5c1c1cf508 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,0000000b,) ret=7fdc36fcfba0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a130 ret=7f1c8278790a | |
| 0025:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0001cb20 L"ncacn_np",ffffffff,0001eee0,00000009,00000000,00000000,) ret=7f5c1c1cf52c | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027be0 ret=7fdc36fcfba0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Ret KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f5c1c1cf52c | |
| 0022:Call advapi32.RegSetValueExW(0000004c,00027b48 L"\\DosDevices\\C:",00000000,00000003,00027be0,0000000b,) ret=7fdc36fcfbf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a160 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f5c1c1d3629 | |
| 0022:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcfbf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d3629 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a190 ret=7f1c8278790a | |
| 0025:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0001cb50 L"",ffffffff,00000000,00000000,00000000,00000000,) ret=7f5c1c1cf4ea | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Ret KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f5c1c1cf4ea | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a1c0 ret=7f1c82787ccc | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7f5c1c1cf508 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001ef10 ret=7f5c1c1cf508 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a200 ret=7f1c8278790a | |
| 0025:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0001cb50 L"",ffffffff,0001ef10,00000001,00000000,00000000,) ret=7f5c1c1cf52c | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0025:Ret KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f5c1c1cf52c | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a230 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f5c1c1d3659 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d3659 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a260 ret=7f1c8278790a | |
| 0025:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0001cb80 L"\\pipe\\svcctl",ffffffff,00000000,00000000,00000000,00000000,) ret=7f5c1c1cf4ea | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Ret KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f5c1c1cf4ea | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a290 ret=7f1c82787ccc | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f5c1c1cf508 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001b,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001ef40 ret=7f5c1c1cf508 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a2d0 ret=7f1c8278790a | |
| 0025:Call KERNEL32.WideCharToMultiByte(00000000,00000000,0001cb80 L"\\pipe\\svcctl",ffffffff,0001ef40,0000000d,00000000,00000000,) ret=7f5c1c1cf52c | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Ret KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f5c1c1cf52c | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a300 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f5c1c1d3689 | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d3689 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000098,) ret=7f5c1c1cd827 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a330 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001ef70 ret=7f5c1c1cd827 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Call KERNEL32.InitializeCriticalSection(0001efc0,) ret=7f5c1c1cd874 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a360 ret=7f1c82787ccc | |
| 0025:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f5c1c1cd874 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f5c1c1cf498 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a3a0 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001f060 ret=7f5c1c1cf498 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7f5c1c1cf498 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a3d0 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001f090 ret=7f5c1c1cf498 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f5c1c1cf498 | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001f0c0 ret=7f5c1c1cf498 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a400 ret=7f1c8278790a | |
| 0025:Call advapi32.SystemFunction036(0001efac,00000010,) ret=7f5c1c1eaadb | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Ret advapi32.SystemFunction036() retval=00000001 ret=7f5c1c1eaadb | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a430 ret=7f1c82787ccc | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f5c1c1ea336 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ea336 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a470 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001cb80,) ret=7f5c1c1ea336 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ea336 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a4a0 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001cb50,) ret=7f5c1c1ea336 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ea336 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a4d0 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001cb20,) ret=7f5c1c1ea336 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ea336 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a500 ret=7f1c82787ccc | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f5c1c1ea336 | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ea336 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 0025:Ret rpcrt4.RpcBindingFromStringBindingW() retval=00000000 ret=7f5c1c470d43 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a540 ret=7f1c8278790a | |
| 0025:Call rpcrt4.RpcStringFreeW(0023f080,) ret=7f5c1c470d4d | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001cab0,) ret=7f5c1c1ea336 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a570 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ea336 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Ret rpcrt4.RpcStringFreeW() retval=00000000 ret=7f5c1c470d4d | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a5a0 ret=7f1c8278790a | |
| 0025:Call rpcrt4.NdrPointerBufferSize(0023f320,00000000,7f5c1c490f6c,) ret=7f5c1c47e65c | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Ret rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f5c1c47e65c | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a5d0 ret=7f1c82787ccc | |
| 0025:Call rpcrt4.NdrPointerBufferSize(0023f320,00000000,7f5c1c491450,) ret=7f5c1c47e66e | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001f,) ret=7f1c8278790a | |
| 0025:Ret rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f5c1c47e66e | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a610 ret=7f1c8278790a | |
| 0025:Call rpcrt4.NdrGetBuffer(0023f320,00000010,0001ee50,) ret=7f5c1c47e685 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f5c1c1ebde6 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a640 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cab0 ret=7f5c1c1ebde6 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000008,00000118,) ret=7f5c1c1e1921 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a670 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001f0f0 ret=7f5c1c1e1921 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7f5c1c1cf498 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a6a0 ret=7f1c82787ccc | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cae0 ret=7f5c1c1cf498 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f5c1c1cf498 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a6e0 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cb10 ret=7f5c1c1cf498 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f5c1c1ebde6 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a710 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cb40 ret=7f5c1c1ebde6 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Call KERNEL32.CreateFileA(0001cb40 "\\\\.\\pipe\\svcctl",c0000000,00000000,00000000,00000003,40000000,00000000,) ret=7f5c1c1e28cd | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a740 ret=7f1c8278790a | |
| 0025:Ret KERNEL32.CreateFileA() retval=00000004 ret=7f5c1c1e28cd | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 0013:Ret KERNEL32.WaitForMultipleObjectsEx() retval=00000001 ret=7f9c24df2763 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Call KERNEL32.SetNamedPipeHandleState(00000004,0023eca4,00000000,00000000,) ret=7f5c1c1e2a4f | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 0013:Call ntdll.RtlAllocateHeap(00010000,00000008,00000118,) ret=7f9c24deb921 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a770 ret=7f1c82787ccc | |
| 0025:Ret KERNEL32.SetNamedPipeHandleState() retval=00000001 ret=7f5c1c1e2a4f | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 0013:Ret ntdll.RtlAllocateHeap() retval=00024240 ret=7f9c24deb921 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001cb40,) ret=7f5c1c1ebe13 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 0013:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f9c24dd9498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a7b0 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ebe13 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 0013:Ret ntdll.RtlAllocateHeap() retval=000233d0 ret=7f9c24dd9498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7f5c1c1d7f0c | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 0013:Call KERNEL32.CreateNamedPipeA(00021f10 "\\\\.\\pipe\\svcctl",40000003,00000006,000000ff,000016d0,000016d0,00001388,00000000,) ret=7f9c24decedf | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a7e0 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cb40 ret=7f5c1c1d7f0c | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 0013:Ret KERNEL32.CreateNamedPipeA() retval=000000f0 ret=7f9c24decedf | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a810 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000008,00000058,) ret=7f5c1c1ea082 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 0013:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24def4ac | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a840 ret=7f1c82787ccc | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001f220 ret=7f5c1c1ea082 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 0013:Ret ntdll.RtlAllocateHeap() retval=00023b40 ret=7f9c24def4ac | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a880 ret=7f1c8278790a | |
| 0025:Call KERNEL32.InitializeCriticalSection(0001f230,) ret=7f5c1c1ea09b | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 0013:Call KERNEL32.GetComputerNameA(00023b40,0033fc44,) ret=7f9c24def4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a8b0 ret=7f1c8278790a | |
| 0025:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f5c1c1ea09b | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 0013:Ret KERNEL32.GetComputerNameA() retval=00000001 ret=7f9c24def4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7f5c1c1d8cf1 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 0013:Call KERNEL32.CreateThread(00000000,00000000,7f9c24de7280,00024240,00000000,00000000,) ret=7f9c24de79e4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a8e0 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001f2d0 ret=7f5c1c1d8cf1 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a910 ret=7f1c82787ccc | |
| 0025:Call ntdll.NtWriteFile(00000004,00000010,00000000,00000000,0023ebf0,0001f2d0,00000048,00000000,00000000,) ret=7f5c1c1e2c6c | |
| 0013:Ret KERNEL32.CreateThread() retval=000000f4 ret=7f9c24de79e4 | |
| 0025:Ret ntdll.NtWriteFile() retval=00000000 ret=7f5c1c1e2c6c | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 0026:Call PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 0013:Call KERNEL32.CloseHandle(000000f4,) ret=7f9c24de79fc | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001f2d0,) ret=7f5c1c1d8d43 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 0026:Ret PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a950 ret=7f1c8278790a | |
| 0013:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c24de79fc | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d8d43 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 0026:Starting thread proc 0x7f9c24de7280 (arg=0x24240) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0013:Call ntdll.NtFsControlFile(000000f0,00000084,00000000,00000000,00021ea8,00110008,00000000,00000000,00000000,00000000,) ret=7f9c24ded05a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001cb40,) ret=7f5c1c1d83ab | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a980 ret=7f1c8278790a | |
| 0013:Ret ntdll.NtFsControlFile() retval=00000103 ret=7f9c24ded05a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d83ab | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00023820 ret=7f9c24de73b1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0013:Call ntdll.RtlReAllocateHeap(00010000,00000000,00021c70,00000010,) ret=7f9c24ded0fc | |
| 0025:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,0001f1e8,0023ec10,00000010,00000000,00000000,) ret=7f5c1c1e2dec | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000008,00000058,) ret=7f9c24df4082 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a9b0 ret=7f1c8278790a | |
| 0013:Ret ntdll.RtlReAllocateHeap() retval=00021c70 ret=7f9c24ded0fc | |
| 0025:Ret ntdll.NtReadFile() retval=00000103 ret=7f5c1c1e2dec | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00023c50 ret=7f9c24df4082 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0013:Call KERNEL32.WaitForMultipleObjectsEx(00000002,00021c70,00000000,ffffffff,00000001,) ret=7f9c24df2763 | |
| 0025:Call KERNEL32.WaitForSingleObject(00000010,ffffffff,) ret=7f5c1c1e2e5b | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 0026:Call KERNEL32.InitializeCriticalSection(00023c60,) ret=7f9c24df409b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005a9e0 ret=7f1c82787ccc | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 0026:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f9c24df409b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,0089fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005aa20 ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0026:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005aa50 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f9c24de3f74 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=000241e0 ret=7f9c24de3f74 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005aa80 ret=7f1c8278790a | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,000241f0,0000000c,00000000,00000000,) ret=7f9c24decdec | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0026:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005aab0 ret=7f1c82787ccc | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f9c24de4006 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027c10,) ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=000239e0 ret=7f9c24de4006 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005aaf0 ret=7f1c8278790a | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,000239e0,0000002c,00000000,00000000,) ret=7f9c24decdec | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0026:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027c10 ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ab20 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f9c24df5de6 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000080,) ret=7fdc36fcd4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00023f40 ret=7f9c24df5de6 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027ca0 ret=7fdc36fcd4c5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ab50 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlFreeHeap(00010000,00000000,000239e0,) ret=7f9c24de41a4 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027ca0,) ret=7fdc36fcd50d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0026:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcd50d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ab80 ret=7f1c82787ccc | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de6d24 | |
| 0022:Call advapi32.RegQueryValueExW(00000058,0055f2fa L"z:",00000000,0055f2d0,0055f300,0055f2d4,) ret=7fdc36fcebfd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001e,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00023f80 ret=7f9c24de6d24 | |
| 0022:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7fdc36fcebfd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005abc0 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7f9c24dd9268 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7fdc36fcde77 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00024000 ret=7f9c24dd9268 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027ca0 ret=7fdc36fcde77 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005abf0 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f9c24dd9498 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000040,) ret=7fdc36fcdd8f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00024090 ret=7f9c24dd9498 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027ce0 ret=7fdc36fcdd8f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ac20 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f9c24dd9498 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000044,) ret=7fdc36fcc433 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=000239e0 ret=7f9c24dd9498 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027d30 ret=7fdc36fcc433 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ac50 ret=7f1c82787ccc | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f9c24dd9498 | |
| 0022:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0055f1a0,00000000,00000000,00000000,0055f198,) ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00023a10 ret=7f9c24dd9498 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ac90 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000098,) ret=7f9c24dd7827 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027d90 ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00024370 ret=7f9c24dd7827 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00027d90,) ret=7fdc3748fdb7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005acd0 ret=7f1c8278790a | |
| 0026:Call KERNEL32.InitializeCriticalSection(000243c0,) ret=7f9c24dd7874 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0026:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f9c24dd7874 | |
| 0022:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ad00 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f9c24dd9498 | |
| 0022:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0055f1a0,00000000,00000000,00000000,0055f198,) ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00024460 ret=7f9c24dd9498 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ad30 ret=7f1c82787ccc | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f9c24dd9498 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027d90 ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00024490 ret=7f9c24dd9498 | |
| 0022:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ad70 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f9c24dd9498 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca0c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=000244c0 ret=7f9c24dd9498 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca0c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005adb0 ret=7f1c8278790a | |
| 0026:Call advapi32.SystemFunction036(000243ac,00000010,) ret=7f9c24df4adb | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca29 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0026:Ret advapi32.SystemFunction036() retval=00000001 ret=7f9c24df4adb | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca29 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ade0 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000008,00000044,) ret=7f9c24de2061 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000002,) ret=7fdc36fcc35a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=000244f0 ret=7f9c24de2061 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027f40 ret=7fdc36fcc35a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ae10 ret=7f1c82787ccc | |
| 0026:Call ntdll.RtlFreeHeap(00010000,00000000,00023f80,) ret=7f9c24de6f0a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,000000da,) ret=7fdc36fcef89 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de6f0a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00027f70 ret=7fdc36fcef89 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ae50 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000008,00000044,) ret=7f9c24de2cf1 | |
| 0022:Call ntdll.RtlInitUnicodeString(00027f98,00027fb8 L"\\??\\Volume{00000000-0000-0000-0000-00000000005a}",) ret=7fdc36fcefc7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00024550 ret=7f9c24de2cf1 | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000060 ret=7fdc36fcefc7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ae80 ret=7f1c8278790a | |
| 0026:Call ntdll.NtWriteFile(000000d0,000000f4,00000000,00000000,0089fb60,00024550,00000044,00000000,00000000,) ret=7f9c24decc6c | |
| 0022:Call ntoskrnl.exe.IoCreateSymbolicLink(00027f98,00027ee8,) ret=7fdc36fcf077 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0026:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 0022:Call ntdll.NtCreateSymbolicLinkObject(0055ef28,000f0001,0055ef30,00027ee8,) ret=7fdc37490117 | |
| 0025:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f5c1c1e2e5b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005aeb0 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlFreeHeap(00010000,00000000,00024550,) ret=7f9c24de2d43 | |
| 0022:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f5c1c1d9f74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0026:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 0022:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcf077 | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cb80 ret=7f5c1c1d9f74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005aee0 ret=7f1c82787ccc | |
| 0026:Call ntdll.RtlFreeHeap(00010000,00000000,000244f0,) ret=7f9c24de23ab | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000096,) ret=7fdc36fcef89 | |
| 0025:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,0001f1e8,0001cb90,00000008,00000000,00000000,) ret=7f5c1c1e2dec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00028060 ret=7fdc36fcef89 | |
| 0025:Ret ntdll.NtReadFile() retval=80000005 ret=7f5c1c1e2dec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005af20 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlFreeHeap(00010000,00000000,00023f40,) ret=7f9c24df5e13 | |
| 0022:Call ntdll.RtlInitUnicodeString(00028088,000280a8 L"\\DosDevices\\Z:",) ret=7fdc36fcefc7 | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f5c1c1da006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=0000001c ret=7fdc36fcefc7 | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cb40 ret=7f5c1c1da006 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005af50 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlFreeHeap(00010000,00000000,000241e0,) ret=7f9c24de23ab | |
| 0022:Call ntoskrnl.exe.IoCreateSymbolicLink(00028088,00027ee8,) ret=7fdc36fcf077 | |
| 0025:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,0001f1e8,0001cb40,0000002c,00000000,00000000,) ret=7f5c1c1e2dec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 0022:Call ntdll.NtCreateSymbolicLinkObject(0055efd8,000f0001,0055efe0,00027ee8,) ret=7fdc37490117 | |
| 0025:Ret ntdll.NtReadFile() retval=00000000 ret=7f5c1c1e2dec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005af80 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlFreeHeap(00010000,00000000,00023820,) ret=7f9c24de7372 | |
| 0022:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f5c1c1ebde6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0026:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7372 | |
| 0022:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcf077 | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001f2d0 ret=7f5c1c1ebde6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005afb0 ret=7f1c82787ccc | |
| 0026:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de738b | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcfb78 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfb78 | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001cb40,) ret=7f5c1c1da1a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de738b | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000004,) ret=7fdc36fcfba0 | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1da1a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005aff0 ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00028110 ret=7fdc36fcfba0 | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001f2d0,) ret=7f5c1c1ebe13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00023820 ret=7f9c24de73b1 | |
| 0022:Call advapi32.RegSetValueExW(0000004c,00027fb8 L"\\??\\Volume{00000000-0000-0000-0000-00000000005a}",00000000,00000003,00028110,00000004,) ret=7fdc36fcfbf1 | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ebe13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b020 ret=7f1c8278790a | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,0089fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 0022:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcfbf1 | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001cb80,) ret=7f5c1c1d83ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0026:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcfb78 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfb78 | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d83ab | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b050 ret=7f1c8278790a | |
| 0026:Call KERNEL32.WaitForSingleObject(000000f4,ffffffff,) ret=7f9c24dece5b | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000004,) ret=7fdc36fcfba0 | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f5c1c1ce44a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00028140 ret=7fdc36fcfba0 | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ce44a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b080 ret=7f1c82787ccc | |
| 0022:Call advapi32.RegSetValueExW(0000004c,000280a8 L"\\DosDevices\\Z:",00000000,00000003,00028140,00000004,) ret=7fdc36fcfbf1 | |
| 0025:Ret rpcrt4.NdrGetBuffer() retval=0001cab0 ret=7f5c1c47e685 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 0022:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcfbf1 | |
| 0025:Call rpcrt4.NdrPointerMarshall(0023f320,00000000,7f5c1c490f6c,) ret=7f5c1c47e697 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b0c0 ret=7f1c8278790a | |
| 0022:Call advapi32.RegCloseKey(00000058,) ret=7fdc36fcec9a | |
| 0025:Ret rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f5c1c47e697 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Ret advapi32.RegCloseKey() retval=00000000 ret=7fdc36fcec9a | |
| 0025:Call rpcrt4.NdrPointerMarshall(0023f320,00000000,7f5c1c491450,) ret=7f5c1c47e6a9 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b0f0 ret=7f1c8278790a | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,000276a0,) ret=7fdc36fcecb3 | |
| 0025:Ret rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f5c1c47e6a9 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcecb3 | |
| 0025:Call rpcrt4.NdrSendReceive(0023f320,0001cabc,) ret=7f5c1c47e70f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b120 ret=7f1c8278790a | |
| 0022:Ret ntoskrnl.exe.IoCreateDriver() retval=00000000 ret=7fdc36fcffcb | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f5c1c1daefe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cb40 ret=7f5c1c1daefe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b150 ret=7f1c82787ccc | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000008,00000024,) ret=7f5c1c1d8cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cb70 ret=7f5c1c1d8cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b190 ret=7f1c8278790a | |
| 0025:Call ntdll.NtWriteFile(00000004,00000010,00000000,00000000,0023ed00,0001cb70,00000024,00000000,00000000,) ret=7f5c1c1e2c6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b1c0 ret=7f1c8278790a | |
| 0025:Ret ntdll.NtWriteFile() retval=00000000 ret=7f5c1c1e2c6c | |
| 0026:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c24dece5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001cb70,) ret=7f5c1c1d8d43 | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de3f74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b1f0 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d8d43 | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=000241e0 ret=7f9c24de3f74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001cb40,) ret=7f5c1c1dafa1 | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,000241f0,00000008,00000000,00000000,) ret=7f9c24decdec | |
| 0022:Call KERNEL32.CreateThread(00000000,00000000,7fdc36fcb570,00000000,00000000,00000000,) ret=7fdc36fcc0fd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b220 ret=7f1c82787ccc | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1dafa1 | |
| 0026:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f1c8278790a | |
| 0025:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,0001f1e8,0023ed40,00000010,00000000,00000000,) ret=7f5c1c1e2dec | |
| 0022:Ret KERNEL32.CreateThread() retval=00000058 ret=7fdc36fcc0fd | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f9c24de4006 | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00023f40 ret=7f9c24de4006 | |
| 0027:Call PE DLL (proc=0x7fdc3723bc70,module=0x7fdc371f0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b260 ret=7f1c8278790a | |
| 0025:Ret ntdll.NtReadFile() retval=00000103 ret=7f5c1c1e2dec | |
| 0022:Call KERNEL32.CloseHandle(00000058,) ret=7fdc36fcc112 | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,00023f40,0000000c,00000000,00000000,) ret=7f9c24decdec | |
| 0027:Ret PE DLL (proc=0x7fdc3723bc70,module=0x7fdc371f0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Call KERNEL32.WaitForSingleObject(00000010,ffffffff,) ret=7f5c1c1e2e5b | |
| 0022:Ret KERNEL32.CloseHandle() retval=00000001 ret=7fdc36fcc112 | |
| 0026:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 0027:Starting thread proc 0x7fdc36fcb570 (arg=(nil)) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b290 ret=7f1c8278790a | |
| 0022:Call advapi32.RegCreateKeyExW(ffffffff80000002,7fdc36fd18c0 L"Software\\Wow6432Node\\Wine\\Ports",00000000,00000000,7fdc00000002,00000002,00000000,0055f620,00000000,) ret=7fdc36fd001d | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0022:Ret advapi32.RegCreateKeyExW() retval=000000b7 ret=7fdc36fd001d | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00023f70 ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b2c0 ret=7f1c8278790a | |
| 0022:Call advapi32.RegSetValueExW(00000000,7fdc36fd1880 L"SymbolicLinkValue",00000000,00000006,7fdc36fd1820,0000004a,) ret=7fdc36fd004b | |
| 0026:Call ntdll.RtlFreeHeap(00010000,00000000,00023f40,) ret=7f9c24de41a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Ret advapi32.RegSetValueExW() retval=00000006 ret=7fdc36fd004b | |
| 0026:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b2f0 ret=7f1c82787ccc | |
| 0022:Call advapi32.RegCloseKey(00000000,) ret=7fdc36fd0055 | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f9c24de7442 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0022:Ret advapi32.RegCloseKey() retval=00000006 ret=7fdc36fd0055 | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=000244f0 ret=7f9c24de7442 | |
| 0026:Call KERNEL32.QueueUserWorkItem(7f9c24de7730,000244f0,00000010,) ret=7f9c24de748c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b330 ret=7f1c8278790a | |
| 0022:Call ntdll.RtlInitUnicodeString(0055f630,7fdc36fd17f0 L"\\Driver\\Serial",) ret=7fdc36fd0064 | |
| 0026:Ret KERNEL32.QueueUserWorkItem() retval=00000001 ret=7f9c24de748c | |
| 001e:Call rpcrt4.NdrServerInitializeNew(00023820,0067f630,7f9c2535dc80,) ret=7f9c2514b688 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=0000001c ret=7fdc36fd0064 | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 001e:Ret rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7f9c2514b688 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b360 ret=7f1c8278790a | |
| 0022:Call ntoskrnl.exe.IoCreateDriver(0055f630,7fdc36fcedb0,) ret=7fdc36fd0073 | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00024690 ret=7f9c24de73b1 | |
| 001e:Call rpcrt4.NdrPointerUnmarshall(0067f630,0067f7c8,7f9c2515776c,00000000,) ret=7f9c2514b77a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748ee11 | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,0089fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 001e:Ret rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7f9c2514b77a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b390 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00028170 ret=7fdc3748ee11 | |
| 0026:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 001e:Call rpcrt4.NdrPointerUnmarshall(0067f630,0067f7d0,7f9c25157c50,00000000,) ret=7f9c2514b793 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Call ntdll.RtlDuplicateUnicodeString(00000001,0055f630,000281c8,) ret=7fdc3748ee31 | |
| 0026:Call KERNEL32.WaitForSingleObject(000000f4,ffffffff,) ret=7f9c24dece5b | |
| 001e:Ret rpcrt4.NdrPointerUnmarshall() retval=00000000 ret=7f9c2514b793 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b3c0 ret=7f1c82787ccc | |
| 0022:Ret ntdll.RtlDuplicateUnicodeString() retval=00000000 ret=7fdc3748ee31 | |
| 001e:Call rpcrt4.NdrContextHandleInitialize(0067f630,7f9c25157774,) ret=7f9c2514b7fb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000076,) ret=7fdc3748f215 | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,000000a0,) ret=7f9c24dd88b0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b400 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00028320 ret=7fdc3748f215 | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=000246f0 ret=7f9c24dd88b0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlInitUnicodeString(000282f8,00028320 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Serial",) ret=7fdc3748f285 | |
| 001e:Call ntdll.RtlInitializeResource(00024728,) ret=7f9c24dd88d5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b430 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000074 ret=7fdc3748f285 | |
| 001e:Ret ntdll.RtlInitializeResource() retval=00000000 ret=7f9c24dd88d5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000023,) ret=7fdc36fccaac | |
| 001e:Call ntdll.RtlAcquireResourceExclusive(00024728,00000001,) ret=7f9c24dd88f0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b460 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=000283b0 ret=7fdc36fccaac | |
| 001e:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd88f0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Call advapi32.RegCreateKeyExW(ffffffff80000002,7fdc36fd14e0 L"Software\\Wine\\Ports",00000000,00000000,00000000,00000001,00000000,0055f220,00000000,) ret=7fdc36fcd956 | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b490 ret=7f1c82787ccc | |
| 0022:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7fdc36fcd956 | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=000247e0 ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f1c8278790a | |
| 0022:Call advapi32.RegCreateKeyExW(ffffffff80000002,7fdc36fd1260 L"HARDWARE\\DEVICEMAP\\SERIALCOMM",00000000,00000000,00000001,000f003f,00000000,0055f228,00000000,) ret=7fdc36fcd989 | |
| 001e:Ret rpcrt4.NdrContextHandleInitialize() retval=000246f0 ret=7f9c2514b7fb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b4d0 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c2513cd2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7fdc36fcd989 | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00024810 ret=7f9c2513cd2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b500 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlMapGenericMask(00024814,7f9c25156860,) ret=7f9c2513cd68 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Call advapi32.RegQueryValueExW(00000058,0055ee12 L"COM1",00000000,0055edd0,0055eea0,0055edd4,) ret=7fdc36fcd608 | |
| 001e:Ret ntdll.RtlMapGenericMask() retval=00000001 ret=7f9c2513cd68 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b530 ret=7f1c8278790a | |
| 0022:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7fdc36fcd608 | |
| 001e:Call rpcrt4.I_RpcGetBuffer(00023820,) ret=7f9c2514b84a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Call ntdll.RtlInitUnicodeString(0055ede0,0055ee20 L"\\Device\\Serial0",) ret=7fdc36fcd6dc | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7fdc36fcd6dc | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b560 ret=7f1c82787ccc | |
| 0022:Call ntoskrnl.exe.IoCreateDevice(00028190,00000000,0055ede0,00000000,00000000,00000000,0055edd8,) ret=7fdc36fcd6fe | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00024840 ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000021,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000148,) ret=7fdc3748fc74 | |
| 001e:Ret rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7f9c2514b84a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b5a0 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=000283f0 ret=7fdc3748fc74 | |
| 001e:Call rpcrt4.NdrServerContextNewMarshall(0067f630,000246f0,7f9c25142690,7f9c25157774,) ret=7f9c2514b881 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0022:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7fdc36fcd6fe | |
| 001e:Call advapi32.SystemFunction036(00024718,00000010,) ret=7f9c24df4adb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b5e0 ret=7f1c8278790a | |
| 0022:Call ntdll.RtlInitUnicodeString(0055edf0,0055ee60 L"\\DosDevices\\COM1",) ret=7fdc36fcd7db | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000020 ret=7fdc36fcd7db | |
| 001e:Ret advapi32.SystemFunction036() retval=00000001 ret=7f9c24df4adb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0022:Call ntoskrnl.exe.IoCreateSymbolicLink(0055edf0,0055ede0,) ret=7fdc36fcd7e6 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000247e0,) ret=7f9c24df6f0b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b610 ret=7f1c8278790a | |
| 0022:Call ntdll.NtCreateSymbolicLinkObject(0055ebe8,000f0001,0055ebf0,0055ede0,) ret=7fdc37490117 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f0b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 001e:Call ntdll.RtlReleaseResource(00024728,) ret=7f9c24dd8d4a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b640 ret=7f1c82787ccc | |
| 0022:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcd7e6 | |
| 001e:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001b,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlInitUnicodeString(0055ee00,7fdc36fd1160 L"\\DosDevices\\AUX",) ret=7fdc36fcd86e | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7fdc36fcd86e | |
| 001e:Ret rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7f9c2514b881 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b680 ret=7f1c8278790a | |
| 0022:Call ntoskrnl.exe.IoCreateSymbolicLink(0055ee00,0055edf0,) ret=7fdc36fcd879 | |
| 001e:Call rpcrt4.NdrPointerFree(0067f630,00000000,7f9c2515776c,) ret=7f9c251491a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0022:Call ntdll.NtCreateSymbolicLinkObject(0055ebe8,000f0001,0055ebf0,0055edf0,) ret=7fdc37490117 | |
| 001e:Ret rpcrt4.NdrPointerFree() retval=00000000 ret=7f9c251491a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b6b0 ret=7f1c8278790a | |
| 0022:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 001e:Call rpcrt4.NdrPointerFree(0067f630,00000000,7f9c25157c50,) ret=7f9c251491bc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0022:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcd879 | |
| 001e:Ret rpcrt4.NdrPointerFree() retval=00000000 ret=7f9c251491bc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b6e0 ret=7f1c8278790a | |
| 0022:Call advapi32.RegSetValueExW(00000074,0055ee20 L"\\Device\\Serial0",00000000,00000001,0055eea0,0000000a,) ret=7fdc36fcd846 | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f9c24de1e37 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcd846 | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=000247e0 ret=7f9c24de1e37 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b710 ret=7f1c82787ccc | |
| 0022:Call advapi32.RegQueryValueExW(00000058,0055ee12 L"COM2",00000000,0055edd0,0055eea0,0055edd4,) ret=7fdc36fcd608 | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,00000030,) ret=7f9c24de2cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0022:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7fdc36fcd608 | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00024870 ret=7f9c24de2cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b750 ret=7f1c8278790a | |
| 0022:Call ntdll.RtlInitUnicodeString(0055ede0,0055ee20 L"\\Device\\Serial1",) ret=7fdc36fcd6dc | |
| 001e:Call ntdll.NtWriteFile(000000d0,00000104,00000000,00000000,0067f7b0,00024870,00000030,00000000,00000000,) ret=7f9c24decc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001e:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7fdc36fcd6dc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b780 ret=7f1c8278790a | |
| 0025:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f5c1c1e2e5b | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00024870,) ret=7f9c24de2d43 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000040,) ret=7fdc36fcdd8f | |
| 0022:Call ntoskrnl.exe.IoCreateDevice(00028190,00000000,0055ede0,00000000,00000000,00000000,0055edd8,) ret=7fdc36fcd6fe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f5c1c1d9f74 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028550 ret=7fdc36fcdd8f | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000148,) ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b7b0 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cb80 ret=7f5c1c1d9f74 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000247e0,) ret=7f9c24de23ab | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000044,) ret=7fdc36fcc433 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=000285a0 ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,0001f1e8,0001cb90,00000008,00000000,00000000,) ret=7f5c1c1e2dec | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028700 ret=7fdc36fcc433 | |
| 0022:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7fdc36fcd6fe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b7e0 ret=7f1c82787ccc | |
| 0025:Ret ntdll.NtReadFile() retval=80000005 ret=7f5c1c1e2dec | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023f70,) ret=7f9c24df5e13 | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f680,00000000,00000000,00000000,0077f678,) ret=7fdc36fcc4a6 | |
| 0022:Call ntdll.RtlInitUnicodeString(0055edf0,0055ee60 L"\\DosDevices\\COM2",) ret=7fdc36fcd7db | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f5c1c1da006 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000020 ret=7fdc36fcd7db | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b820 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cb40 ret=7f5c1c1da006 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00024840,) ret=7f9c24df5e13 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028760 ret=7fdc3748fc74 | |
| 0022:Call ntoskrnl.exe.IoCreateSymbolicLink(0055edf0,0055ede0,) ret=7fdc36fcd7e6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,0001f1e8,0001cb40,00000018,00000000,00000000,) ret=7f5c1c1e2dec | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00028760,) ret=7fdc3748fdb7 | |
| 0022:Call ntdll.NtCreateSymbolicLinkObject(0055ebe8,000f0001,0055ebf0,0055ede0,) ret=7fdc37490117 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b850 ret=7f1c8278790a | |
| 0025:Ret ntdll.NtReadFile() retval=00000000 ret=7f5c1c1e2dec | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000241e0,) ret=7f9c24de23ab | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 0022:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f5c1c1ebde6 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 0022:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcd7e6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b880 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001f2d0 ret=7f5c1c1ebde6 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023820,) ret=7f9c24de7804 | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f680,00000000,00000000,00000000,0077f678,) ret=7fdc36fcc4a6 | |
| 0022:Call advapi32.RegSetValueExW(00000074,0055ee20 L"\\Device\\Serial1",00000000,00000001,0055eea0,0000000a,) ret=7fdc36fcd846 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f5c1c1da25e | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7804 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 0022:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcd846 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b8b0 ret=7f1c82787ccc | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1da25e | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de781b | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028760 ret=7fdc3748fc74 | |
| 0022:Call advapi32.RegQueryValueExW(00000058,0055ee12 L"COM3",00000000,0055edd0,0055eea0,0055edd4,) ret=7fdc36fcd608 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001cb40,) ret=7f5c1c1da1a4 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de781b | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00028760,) ret=7fdc3748fdb7 | |
| 0022:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7fdc36fcd608 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b8f0 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1da1a4 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000244f0,) ret=7f9c24de783a | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 0022:Call ntdll.RtlInitUnicodeString(0055ede0,0055ee20 L"\\Device\\Serial2",) ret=7fdc36fcd6dc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001cb80,) ret=7f5c1c1db2bc | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de783a | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7fdc36fcd6dc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b920 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1db2bc | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f680,00000000,00000000,00000000,0077f678,) ret=7fdc36fcc4a6 | |
| 0022:Call ntoskrnl.exe.IoCreateDevice(00028190,00000000,0055ede0,00000000,00000000,00000000,0055edd8,) ret=7fdc36fcd6fe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001cab0,) ret=7f5c1c1ebe13 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000148,) ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b950 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ebe13 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028760 ret=7fdc3748fc74 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00028910 ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Ret rpcrt4.NdrSendReceive() retval=00000000 ret=7f5c1c47e70f | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7fdc36fcc4a6 | |
| 0022:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7fdc36fcd6fe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b980 ret=7f1c82787ccc | |
| 0025:Call rpcrt4.NdrClientContextUnmarshall(0023f320,0023f710,0001ee50,) ret=7f5c1c47e756 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7fdc36fcc35a | |
| 0022:Call ntdll.RtlInitUnicodeString(0055edf0,0055ee60 L"\\DosDevices\\COM3",) ret=7fdc36fcd7db | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f5c1c1aee46 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028a70 ret=7fdc36fcc35a | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000020 ret=7fdc36fcd7db | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b9c0 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cb40 ret=7f5c1c1aee46 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca0c | |
| 0022:Call ntoskrnl.exe.IoCreateSymbolicLink(0055edf0,0055ede0,) ret=7fdc36fcd7e6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7f5c1c1d2121 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca0c | |
| 0022:Call ntdll.NtCreateSymbolicLinkObject(0055ebe8,000f0001,0055ebf0,0055ede0,) ret=7fdc37490117 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005b9f0 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001f300 ret=7f5c1c1d2121 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca29 | |
| 0022:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f5c1c1cf498 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca29 | |
| 0022:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcd7e6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ba20 ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001cab0 ret=7f5c1c1cf498 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7fdc36fcc35a | |
| 0022:Call advapi32.RegSetValueExW(00000074,0055ee20 L"\\Device\\Serial2",00000000,00000001,0055eea0,0000000a,) ret=7fdc36fcd846 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ba50 ret=7f1c82787ccc | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7f5c1c1cf498 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028ab0 ret=7fdc36fcc35a | |
| 0022:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcd846 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001f390 ret=7f5c1c1cf498 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7fdc36fcc35a | |
| 0022:Call advapi32.RegQueryValueExW(00000058,0055ee12 L"COM4",00000000,0055edd0,0055eea0,0055edd4,) ret=7fdc36fcd608 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ba90 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f5c1c1cf498 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028ae0 ret=7fdc36fcc35a | |
| 0022:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7fdc36fcd608 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlAllocateHeap() retval=0001f3c0 ret=7f5c1c1cf498 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,000000da,) ret=7fdc36fcef89 | |
| 0022:Call ntdll.RtlInitUnicodeString(0055ede0,0055ee20 L"\\Device\\Serial3",) ret=7fdc36fcd6dc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bac0 ret=7f1c8278790a | |
| 0025:Ret rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f5c1c47e756 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028b10 ret=7fdc36fcef89 | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7fdc36fcd6dc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Call rpcrt4.NdrFreeBuffer(0023f320,) ret=7f5c1c47ac64 | |
| 0027:Call ntdll.RtlInitUnicodeString(00028b38,00028b58 L"\\??\\Volume{00000000-dc1c-89aa-0000-000000000000}",) ret=7fdc36fcefc7 | |
| 0022:Call ntoskrnl.exe.IoCreateDevice(00028190,00000000,0055ede0,00000000,00000000,00000000,0055edd8,) ret=7fdc36fcd6fe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005baf0 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001f2d0,) ret=7f5c1c1ebe13 | |
| 0027:Ret ntdll.RtlInitUnicodeString() retval=00000060 ret=7fdc36fcefc7 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000148,) ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ebe13 | |
| 0027:Call ntoskrnl.exe.IoCreateSymbolicLink(00028b38,000288b8,) ret=7fdc36fcf077 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00028c00 ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bb20 ret=7f1c82787ccc | |
| 0025:Ret rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f5c1c47ac64 | |
| 0027:Call ntdll.NtCreateSymbolicLinkObject(0077f3c8,000f0001,0077f3d0,000288b8,) ret=7fdc37490117 | |
| 0022:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7fdc36fcd6fe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 0025:Call rpcrt4.RpcBindingFree(0023f0c0,) ret=7f5c1c471bfd | |
| 0027:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 0022:Call ntdll.RtlInitUnicodeString(0055edf0,0055ee60 L"\\DosDevices\\COM4",) ret=7fdc36fcd7db | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bb60 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001ef40,) ret=7f5c1c1d2c15 | |
| 0027:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcf077 | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000020 ret=7fdc36fcd7db | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d2c15 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcfb78 | |
| 0022:Call ntoskrnl.exe.IoCreateSymbolicLink(0055edf0,0055ede0,) ret=7fdc36fcd7e6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bb90 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001ef10,) ret=7f5c1c1d2c2d | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfb78 | |
| 0022:Call ntdll.NtCreateSymbolicLinkObject(0055ebe8,000f0001,0055ebf0,0055ede0,) ret=7fdc37490117 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d2c2d | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,0000000a,) ret=7fdc36fcfba0 | |
| 0022:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bbc0 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001eee0,) ret=7f5c1c1d2c45 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028d60 ret=7fdc36fcfba0 | |
| 0022:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcd7e6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d2c45 | |
| 0027:Call advapi32.RegSetValueExW(0000004c,00028b58 L"\\??\\Volume{00000000-dc1c-89aa-0000-000000000000}",00000000,00000003,00028d60,0000000a,) ret=7fdc36fcfbf1 | |
| 0022:Call advapi32.RegSetValueExW(00000074,0055ee20 L"\\Device\\Serial3",00000000,00000001,0055eea0,0000000a,) ret=7fdc36fcd846 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bbf0 ret=7f1c82787ccc | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f5c1c1d2c5d | |
| 0027:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcfbf1 | |
| 0022:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcd846 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000040,) ret=7fdc36fcdd8f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d2c5d | |
| 0022:Call advapi32.RegQueryValueExW(00000058,0055ee12 L"COM5",00000000,0055edd0,0055eea0,0055edd4,) ret=7fdc36fcd608 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028d90 ret=7fdc36fcdd8f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bc30 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f5c1c1d2c75 | |
| 0022:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7fdc36fcd608 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000044,) ret=7fdc36fcc433 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d2c75 | |
| 0022:Call advapi32.RegCloseKey(00000058,) ret=7fdc36fcdaa3 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028de0 ret=7fdc36fcc433 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bc60 ret=7f1c8278790a | |
| 0025:Call ntdll.RtlFreeHeap(00010000,00000000,0001ee50,) ret=7f5c1c1d2cb0 | |
| 0022:Ret advapi32.RegCloseKey() retval=00000000 ret=7fdc36fcdaa3 | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f680,00000000,00000000,00000000,0077f678,) ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0025:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d2cb0 | |
| 0022:Call advapi32.RegCloseKey(00000074,) ret=7fdc36fcdaad | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bc90 ret=7f1c8278790a | |
| 0025:Ret rpcrt4.RpcBindingFree() retval=00000000 ret=7f5c1c471bfd | |
| 0022:Ret advapi32.RegCloseKey() retval=00000000 ret=7fdc36fcdaad | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028e40 ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,000283b0,) ret=7fdc36fcdac4 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00028e40,) ret=7fdc3748fdb7 | |
| 000f:Ret KERNEL32.WaitForMultipleObjects() retval=00000000 ret=7f9c25144d42 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bcc0 ret=7f1c82787ccc | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcdac4 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f9c25144aa0 | |
| 0028:Call PE DLL (proc=0x7f5c1c1eec70,module=0x7f5c1c1a0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlCompareUnicodeString(000281c8,000272b8,00000000,) ret=7fdc3748d5a3 | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000241e0 ret=7f9c25144aa0 | |
| 0028:Ret PE DLL (proc=0x7f5c1c1eec70,module=0x7f5c1c1a0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bd00 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlCompareUnicodeString() retval=0000000b ret=7fdc3748d5a3 | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f680,00000000,00000000,00000000,0077f678,) ret=7fdc36fcc4a6 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000036,) ret=7f9c2513e9bc | |
| 0028:Starting thread proc 0x7f5c1c472d80 (arg=0x1ca80) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Ret ntoskrnl.exe.IoCreateDriver() retval=00000000 ret=7fdc36fd0073 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00023820 ret=7f9c2513e9bc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bd30 ret=7f1c8278790a | |
| 0022:Call ntdll.RtlInitUnicodeString(0055f630,7fdc36fd17c0 L"\\Driver\\Parallel",) ret=7fdc36fd0082 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028e40 ret=7fdc3748fc74 | |
| 000f:Call KERNEL32.WriteFile(000000ec,00023820,00000036,0023faac,0023fab0,) ret=7f9c2513ea71 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000020 ret=7fdc36fd0082 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00028e40,) ret=7fdc3748fdb7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bd60 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.WriteFile() retval=00000001 ret=7f9c2513ea71 | |
| 0022:Call ntoskrnl.exe.IoCreateDriver(0055f630,7fdc36fcee50,) ret=7fdc36fd0091 | |
| 0028:Call rpcrt4.NdrClientInitializeNew(0033f690,0033f7d0,7f5c1c6a5c00,00000010,) ret=7f5c1c47e970 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call KERNEL32.ReadFile(000000ec,0023fb44,00000004,0023faac,0023fab0,) ret=7f9c2513ec37 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748ee11 | |
| 0028:Ret rpcrt4.NdrClientInitializeNew() retval=00000000 ret=7f5c1c47e970 | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bd90 ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.ReadFile() retval=00000000 ret=7f9c2513ec37 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00028e40 ret=7fdc3748ee11 | |
| 0028:Call rpcrt4.NDRCContextBinding(0001cb40,) ret=7f5c1c47e981 | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f680,00000000,00000000,00000000,0077f678,) ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000011,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.WaitForSingleObject(000000e8,00002710,) ret=7f9c2513ed22 | |
| 0022:Call ntdll.RtlDuplicateUnicodeString(00000001,0055f630,00028e98,) ret=7fdc3748ee31 | |
| 0028:Ret rpcrt4.NDRCContextBinding() retval=0001f300 ret=7f5c1c47e981 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bdd0 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlDuplicateUnicodeString() retval=00000000 ret=7fdc3748ee31 | |
| 0028:Call rpcrt4.NdrConformantStringBufferSize(0033f7d0,0001ee90,7f5c1c490f82,) ret=7f5c1c47e9a6 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028ff0 ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,0000007a,) ret=7fdc3748f215 | |
| 0028:Ret rpcrt4.NdrConformantStringBufferSize() retval=0000003e ret=7f5c1c47e9a6 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00028ff0,) ret=7fdc3748fdb7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005be00 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=000291a0 ret=7fdc3748f215 | |
| 0028:Call rpcrt4.NdrGetBuffer(0033f7d0,0000003e,0001f300,) ret=7f5c1c47e9bd | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlInitUnicodeString(00028fc8,000291a0 L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Parallel",) ret=7fdc3748f285 | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003e,) ret=7f5c1c1ebde6 | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005be30 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000078 ret=7fdc3748f285 | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001eed0 ret=7f5c1c1ebde6 | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f680,00000000,00000000,00000000,0077f678,) ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000023,) ret=7fdc36fccaac | |
| 0028:Ret rpcrt4.NdrGetBuffer() retval=0001eed0 ret=7f5c1c47e9bd | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005be60 ret=7f1c82787ccc | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00028ff0 ret=7fdc36fccaac | |
| 0028:Call rpcrt4.NdrClientContextMarshall(0033f7d0,0001cb40,00000000,) ret=7f5c1c47e9cb | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029230 ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 0022:Call advapi32.RegCreateKeyExW(ffffffff80000002,7fdc36fd14e0 L"Software\\Wine\\Ports",00000000,00000000,00000000,00000001,00000000,0055f220,00000000,) ret=7fdc36fcd956 | |
| 0028:Ret rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f5c1c47e9cb | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bea0 ret=7f1c8278790a | |
| 0022:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7fdc36fcd956 | |
| 0028:Call rpcrt4.NdrConformantStringMarshall(0033f7d0,0001ee90,7f5c1c490f82,) ret=7f5c1c47e9dd | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7fdc36fcc35a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0022:Call advapi32.RegCreateKeyExW(ffffffff80000002,7fdc36fd1200 L"HARDWARE\\DEVICEMAP\\PARALLEL PORTS",00000000,00000000,00000001,000f003f,00000000,0055f228,00000000,) ret=7fdc36fcd989 | |
| 0028:Ret rpcrt4.NdrConformantStringMarshall() retval=00000000 ret=7f5c1c47e9dd | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029030 ret=7fdc36fcc35a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bed0 ret=7f1c8278790a | |
| 0022:Ret advapi32.RegCreateKeyExW() retval=00000000 ret=7fdc36fcd989 | |
| 0028:Call rpcrt4.NdrSendReceive(0033f7d0,0001ef08,) ret=7f5c1c47ea43 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca0c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0022:Call advapi32.RegQueryValueExW(00000074,0055ee12 L"LPT1",00000000,0055edd0,0055eea0,0055edd4,) ret=7fdc36fcd608 | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f5c1c1daefe | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca0c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bf00 ret=7f1c8278790a | |
| 0022:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7fdc36fcd608 | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f2d0 ret=7f5c1c1daefe | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca29 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Call ntdll.RtlInitUnicodeString(0055ede0,0055ee20 L"\\Device\\Parallel0",) ret=7fdc36fcd6dc | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000008,00000058,) ret=7f5c1c1ea082 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca29 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bf30 ret=7f1c82787ccc | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000022 ret=7fdc36fcd6dc | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f3f0 ret=7f5c1c1ea082 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7fdc36fcc35a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 0022:Call ntoskrnl.exe.IoCreateDevice(00028e60,00000000,0055ede0,00000000,00000000,00000000,0055edd8,) ret=7fdc36fcd6fe | |
| 0028:Call KERNEL32.InitializeCriticalSection(0001f400,) ret=7f5c1c1ea09b | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029070 ret=7fdc36fcc35a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bf70 ret=7f1c8278790a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000148,) ret=7fdc3748fc74 | |
| 0028:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f5c1c1ea09b | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,000000da,) ret=7fdc36fcef89 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=000293e0 ret=7fdc3748fc74 | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f5c1c1d8cf1 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000290a0 ret=7fdc36fcef89 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bfa0 ret=7f1c8278790a | |
| 0022:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7fdc36fcd6fe | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f460 ret=7f5c1c1d8cf1 | |
| 0027:Call ntdll.RtlInitUnicodeString(000290c8,000290e8 L"\\??\\Volume{00000000-eef4-d2d5-0000-000000000000}",) ret=7fdc36fcefc7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlInitUnicodeString(0055edf0,0055ee60 L"\\DosDevices\\LPT1",) ret=7fdc36fcd7db | |
| 0028:Call ntdll.NtWriteFile(00000004,00000010,00000000,00000000,0033f1b0,0001f460,00000050,00000000,00000000,) ret=7f5c1c1e2c6c | |
| 0027:Ret ntdll.RtlInitUnicodeString() retval=00000060 ret=7fdc36fcefc7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005bfd0 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=00000020 ret=7fdc36fcd7db | |
| 0027:Call ntoskrnl.exe.IoCreateSymbolicLink(000290c8,00029388,) ret=7fdc36fcf077 | |
| 0028:Ret ntdll.NtWriteFile() retval=00000000 ret=7f5c1c1e2c6c | |
| 0026:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c24dece5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Call ntoskrnl.exe.IoCreateSymbolicLink(0055edf0,0055ede0,) ret=7fdc36fcd7e6 | |
| 0027:Call ntdll.NtCreateSymbolicLinkObject(0077f3c8,000f0001,0077f3d0,00029388,) ret=7fdc37490117 | |
| 0028:Call ntdll.RtlFreeHeap(00010000,00000000,0001f460,) ret=7f5c1c1d8d43 | |
| 0026:Call KERNEL32.CloseHandle(00000104,) ret=7f9c24decd8a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c000 ret=7f1c82787ccc | |
| 0022:Call ntdll.NtCreateSymbolicLinkObject(0055ebe8,000f0001,0055ebf0,0055ede0,) ret=7fdc37490117 | |
| 0027:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d8d43 | |
| 0026:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c24decd8a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 0022:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 0027:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcf077 | |
| 0028:Call ntdll.RtlFreeHeap(00010000,00000000,0001f2d0,) ret=7f5c1c1dafa1 | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de3f74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c040 ret=7f1c8278790a | |
| 0022:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcd7e6 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcfb78 | |
| 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1dafa1 | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=000247e0 ret=7f9c24de3f74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Call ntdll.RtlInitUnicodeString(0055ee00,7fdc36fd10c0 L"\\DosDevices\\PRN",) ret=7fdc36fcd86e | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfb78 | |
| 0028:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,0001f1e8,0033f1f0,00000010,00000000,00000000,) ret=7f5c1c1e2dec | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,000247f0,00000008,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c070 ret=7f1c8278790a | |
| 0022:Ret ntdll.RtlInitUnicodeString() retval=0000001e ret=7fdc36fcd86e | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000004,) ret=7fdc36fcfba0 | |
| 0028:Ret ntdll.NtReadFile() retval=00000103 ret=7f5c1c1e2dec | |
| 0026:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0022:Call ntoskrnl.exe.IoCreateSymbolicLink(0055ee00,0055edf0,) ret=7fdc36fcd879 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029540 ret=7fdc36fcfba0 | |
| 0028:Call KERNEL32.WaitForSingleObject(00000010,ffffffff,) ret=7f5c1c1e2e5b | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f9c24de4006 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c0a0 ret=7f1c8278790a | |
| 0022:Call ntdll.NtCreateSymbolicLinkObject(0055ebe8,000f0001,0055ebf0,0055edf0,) ret=7fdc37490117 | |
| 0027:Call advapi32.RegSetValueExW(0000004c,000290e8 L"\\??\\Volume{00000000-eef4-d2d5-0000-000000000000}",00000000,00000003,00029540,00000004,) ret=7fdc36fcfbf1 | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00023f40 ret=7f9c24de4006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0022:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 0027:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcfbf1 | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,00023f40,00000038,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c0d0 ret=7f1c82787ccc | |
| 0026:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 0022:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcd879 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000023,) ret=7fdc36fccaac | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f9c24df5de6 | |
| 0022:Call advapi32.RegSetValueExW(000000a4,0055ee20 L"\\Device\\Parallel0",00000000,00000001,0055eea0,00000022,) ret=7fdc36fcd846 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c110 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029570 ret=7fdc36fccaac | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=000244f0 ret=7f9c24df5de6 | |
| 0022:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcd846 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000023,) ret=7fdc36fccaac | |
| 0026:Call ntdll.RtlFreeHeap(00010000,00000000,00023f40,) ret=7f9c24de41a4 | |
| 0022:Call advapi32.RegQueryValueExW(00000074,0055ee12 L"LPT2",00000000,0055edd0,0055eea0,0055edd4,) ret=7fdc36fcd608 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c140 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000295b0 ret=7fdc36fccaac | |
| 0026:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 0022:Ret advapi32.RegQueryValueExW() retval=00000002 ret=7fdc36fcd608 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,000295b0,) ret=7fdc36fccd01 | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f9c24de7442 | |
| 0022:Call advapi32.RegCloseKey(00000074,) ret=7fdc36fcdaa3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c170 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fccd01 | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00023f40 ret=7f9c24de7442 | |
| 0022:Ret advapi32.RegCloseKey() retval=00000000 ret=7fdc36fcdaa3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7fdc36fcde77 | |
| 0026:Call KERNEL32.QueueUserWorkItem(7f9c24de7730,00023f40,00000010,) ret=7f9c24de748c | |
| 0022:Call advapi32.RegCloseKey(000000a4,) ret=7fdc36fcdaad | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c1a0 ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000295b0 ret=7fdc36fcde77 | |
| 0026:Ret KERNEL32.QueueUserWorkItem() retval=00000001 ret=7f9c24de748c | |
| 001d:Call rpcrt4.NdrServerInitializeNew(00024690,0056f630,7f9c2535dc80,) ret=7f9c2514e988 | |
| 0022:Ret advapi32.RegCloseKey() retval=00000000 ret=7fdc36fcdaad | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000040,) ret=7fdc36fcdd8f | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 001d:Ret rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7f9c2514e988 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00028ff0,) ret=7fdc36fcdac4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c1e0 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000295f0 ret=7fdc36fcdd8f | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00024840 ret=7f9c24de73b1 | |
| 001d:Call rpcrt4.NdrServerContextNewUnmarshall(0056f630,7f9c2515777c,) ret=7f9c2514ea6f | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcdac4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7fdc36fcc433 | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,0089fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 001d:Call ntdll.RtlAcquireResourceExclusive(00024728,00000001,) ret=7f9c24dd8a24 | |
| 0022:Call ntdll.RtlCompareUnicodeString(00028e98,000272b8,00000000,) ret=7fdc3748d5a3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c210 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029640 ret=7fdc36fcc433 | |
| 0026:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 001d:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd8a24 | |
| 0022:Ret ntdll.RtlCompareUnicodeString() retval=00000008 ret=7fdc3748d5a3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f600,00000000,00000000,00000000,0077f5f8,) ret=7fdc36fcc4a6 | |
| 0026:Call KERNEL32.WaitForSingleObject(000000f4,ffffffff,) ret=7f9c24dece5b | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 0022:Call ntdll.RtlCompareUnicodeString(00028e98,000281c8,00000000,) ret=7fdc3748d5a3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c240 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=000248a0 ret=7f9c24df6e5c | |
| 0022:Ret ntdll.RtlCompareUnicodeString() retval=fffffffd ret=7fdc3748d5a3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029690 ret=7fdc3748fc74 | |
| 001d:Ret rpcrt4.NdrServerContextNewUnmarshall() retval=000246f0 ret=7f9c2514ea6f | |
| 0022:Ret ntoskrnl.exe.IoCreateDriver() retval=00000000 ret=7fdc36fd0091 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c270 ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00029690,) ret=7fdc3748fdb7 | |
| 001d:Call rpcrt4.NdrConformantStringUnmarshall(0056f630,0056f7d0,7f9c25157782,00000000,) ret=7f9c2514ea90 | |
| 0022:Ret driver init 0x7fdc36fd0170 (obj=0x26d00,str=L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\MountMgr") retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 001d:Ret rpcrt4.NdrConformantStringUnmarshall() retval=00000000 ret=7f9c2514ea90 | |
| 0022:Call ntdll.RtlCompareUnicodeString(00026d38,00028e98,00000000,) ret=7fdc3748d5a3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c2b0 ret=7f1c8278790a | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 001d:Call rpcrt4.NdrContextHandleInitialize(0056f630,7f9c25157784,) ret=7f9c2514eaf8 | |
| 0022:Ret ntdll.RtlCompareUnicodeString() retval=fffffffd ret=7fdc3748d5a3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f600,00000000,00000000,00000000,0077f5f8,) ret=7fdc36fcc4a6 | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,000000a0,) ret=7f9c24dd88b0 | |
| 0022:Call ntdll.RtlCompareUnicodeString(00026d38,000272b8,00000000,) ret=7fdc3748d5a3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c2e0 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=000248d0 ret=7f9c24dd88b0 | |
| 0022:Ret ntdll.RtlCompareUnicodeString() retval=00000005 ret=7fdc3748d5a3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029690 ret=7fdc3748fc74 | |
| 001d:Call ntdll.RtlInitializeResource(00024908,) ret=7f9c24dd88d5 | |
| 0022:Ret ntoskrnl.exe.IoCreateDriver() retval=00000000 ret=7fdc37a61557 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c310 ret=7f1c8278790a | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7fdc36fcc4a6 | |
| 001d:Ret ntdll.RtlInitializeResource() retval=00000000 ret=7f9c24dd88d5 | |
| 0022:Call ntoskrnl.exe.ObReferenceObjectByName(0055fb40,00000040,00000000,00000000,00000000,00000000,00000000,0055fb38,) ret=7fdc37a61967 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003a,) ret=7fdc36fcc5ed | |
| 001d:Call ntdll.RtlAcquireResourceExclusive(00024908,00000001,) ret=7f9c24dd88f0 | |
| 0022:Call ntdll.RtlCompareUnicodeString(0055fb40,00028e98,00000000,) ret=7fdc3748d5a3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c340 ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029840 ret=7fdc36fcc5ed | |
| 001d:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd88f0 | |
| 0022:Ret ntdll.RtlCompareUnicodeString() retval=fffffffd ret=7fdc3748d5a3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000011,) ret=7f1c8278790a | |
| 0027:Call ntoskrnl.exe.IoCreateSymbolicLink(0077f610,0077f600,) ret=7fdc36fcc642 | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 0022:Call ntdll.RtlCompareUnicodeString(0055fb40,000272b8,00000000,) ret=7fdc3748d5a3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c380 ret=7f1c8278790a | |
| 0027:Call ntdll.NtCreateSymbolicLinkObject(0077f428,000f0001,0077f430,0077f600,) ret=7fdc37490117 | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=000249c0 ret=7f9c24df6e5c | |
| 0022:Ret ntdll.RtlCompareUnicodeString() retval=00000005 ret=7fdc3748d5a3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 001d:Ret rpcrt4.NdrContextHandleInitialize() retval=000248d0 ret=7f9c2514eaf8 | |
| 0022:Call ntdll.RtlCompareUnicodeString(0055fb40,00026d38,00000000,) ret=7fdc3748d5a3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c3b0 ret=7f1c8278790a | |
| 0027:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcc642 | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c2513bebc | |
| 0022:Ret ntdll.RtlCompareUnicodeString() retval=00000000 ret=7fdc3748d5a3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002b,) ret=7fdc36fcc35a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=000249f0 ret=7f9c2513bebc | |
| 0022:Ret ntoskrnl.exe.ObReferenceObjectByName() retval=00000000 ret=7fdc37a61967 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c3e0 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028ff0 ret=7fdc36fcc35a | |
| 001d:Call ntdll.RtlMapGenericMask(000249f4,7f9c25156850,) ret=7f9c2513bef5 | |
| 0022:Call ntdll.RtlFreeUnicodeString(0055fb40,) ret=7fdc37a61972 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca0c | |
| 001d:Ret ntdll.RtlMapGenericMask() retval=00008000 ret=7f9c2513bef5 | |
| 0022:Ret ntdll.RtlFreeUnicodeString() retval=00000001 ret=7fdc37a61972 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c410 ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca0c | |
| 001d:Call rpcrt4.I_RpcGetBuffer(00024690,) ret=7f9c2514eb4b | |
| 0022:Call advapi32.SetServiceStatus(00025850,0055fb50,) ret=7fdc37a61a4c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca29 | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f9c24df5de6 | |
| 0022:Call rpcrt4.NdrClientInitializeNew(0055f4d0,0055f610,7fdc37946c00,00000007,) ret=7fdc3771d7aa | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c450 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca29 | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00024a20 ret=7f9c24df5de6 | |
| 0022:Ret rpcrt4.NdrClientInitializeNew() retval=00000000 ret=7fdc3771d7aa | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7fdc36fcc35a | |
| 001d:Ret rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7f9c2514eb4b | |
| 0022:Call rpcrt4.NDRCContextBinding(00025850,) ret=7fdc3771d7bb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c480 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00026ca0 ret=7fdc36fcc35a | |
| 001d:Call rpcrt4.NdrServerContextNewMarshall(0056f630,000248d0,7f9c25142690,7f9c25157784,) ret=7f9c2514eb82 | |
| 0022:Ret rpcrt4.NDRCContextBinding() retval=00026a10 ret=7fdc3771d7bb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,000000ce,) ret=7fdc36fcef89 | |
| 001d:Call advapi32.SystemFunction036(000248f8,00000010,) ret=7f9c24df4adb | |
| 0022:Call rpcrt4.NdrGetBuffer(0055f610,00000038,00026a10,) ret=7fdc3771d7de | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c4b0 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029890 ret=7fdc36fcef89 | |
| 001d:Ret advapi32.SystemFunction036() retval=00000001 ret=7f9c24df4adb | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7fdc37238de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlInitUnicodeString(000298b8,000298d8 L"\\??\\Volume{00000000-0000-0000-0000-000000000044}",) ret=7fdc36fcefc7 | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000249c0,) ret=7f9c24df6f0b | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00029970 ret=7fdc37238de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c4e0 ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlInitUnicodeString() retval=00000060 ret=7fdc36fcefc7 | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f0b | |
| 0022:Ret rpcrt4.NdrGetBuffer() retval=00029970 ret=7fdc3771d7de | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0027:Call ntoskrnl.exe.IoCreateSymbolicLink(000298b8,000297e8,) ret=7fdc36fcf077 | |
| 001d:Call ntdll.RtlReleaseResource(00024908,) ret=7f9c24dd8d4a | |
| 0022:Call rpcrt4.NdrClientContextMarshall(0055f610,00025850,00000000,) ret=7fdc3771d7ec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c520 ret=7f1c8278790a | |
| 0027:Call ntdll.NtCreateSymbolicLinkObject(0077f388,000f0001,0077f390,000297e8,) ret=7fdc37490117 | |
| 001d:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 0022:Ret rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7fdc3771d7ec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0027:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 001d:Ret rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7f9c2514eb82 | |
| 0022:Call rpcrt4.NdrSimpleStructMarshall(0055f610,0055fb50,7fdc37731ea4,) ret=7fdc3771d7fe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c550 ret=7f1c8278790a | |
| 0027:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcf077 | |
| 001d:Call rpcrt4.NdrPointerFree(0056f630,00024510,7f9c25157780,) ret=7f9c2514ec06 | |
| 0022:Ret rpcrt4.NdrSimpleStructMarshall() retval=00000000 ret=7fdc3771d7fe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000008a,) ret=7fdc36fcef89 | |
| 001d:Ret rpcrt4.NdrPointerFree() retval=00000000 ret=7f9c2514ec06 | |
| 0022:Call rpcrt4.NdrSendReceive(0055f610,000299a0,) ret=7fdc3771d80e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c580 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000299c0 ret=7fdc36fcef89 | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000248a0,) ret=7f9c24df6f92 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7fdc37227efe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlInitUnicodeString(000299e8,00029a08 L"\\DosDevices\\D:",) ret=7fdc36fcefc7 | |
| 0027:Ret ntdll.RtlInitUnicodeString() retval=0000001c ret=7fdc36fcefc7 | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f92 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00029a60 ret=7fdc37227efe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c5b0 ret=7f1c82787ccc | |
| 0027:Call ntoskrnl.exe.IoCreateSymbolicLink(000299e8,000297e8,) ret=7fdc36fcf077 | |
| 001d:Call ntdll.RtlReleaseResource(00024728,) ret=7f9c24dd8d4a | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000058,) ret=7fdc37237082 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0027:Call ntdll.NtCreateSymbolicLinkObject(0077f438,000f0001,0077f440,000297e8,) ret=7fdc37490117 | |
| 001d:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00029a90 ret=7fdc37237082 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c5f0 ret=7f1c8278790a | |
| 0027:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f9c24de1e37 | |
| 0022:Call KERNEL32.InitializeCriticalSection(00029aa0,) ret=7fdc3723709b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcf077 | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=000248a0 ret=7f9c24de1e37 | |
| 0022:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7fdc3723709b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c620 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcfb78 | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,00000030,) ret=7f9c24de2cf1 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7fdc37225cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfb78 | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00024a50 ret=7f9c24de2cf1 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00029b40 ret=7fdc37225cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c650 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000004,) ret=7fdc36fcfba0 | |
| 001d:Call ntdll.NtWriteFile(000000d0,0000010c,00000000,00000000,0056f7b0,00024a50,00000030,00000000,00000000,) ret=7f9c24decc6c | |
| 0022:Call ntdll.NtWriteFile(00000030,0000003c,00000000,00000000,0055eff0,00029b40,00000048,00000000,00000000,) ret=7fdc3722fc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c680 ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029ba0 ret=7fdc36fcfba0 | |
| 001d:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 0028:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f5c1c1e2e5b | |
| 0022:Ret ntdll.NtWriteFile() retval=00000000 ret=7fdc3722fc6c | |
| 0021:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c24dece5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 0027:Call advapi32.RegSetValueExW(0000004c,000298d8 L"\\??\\Volume{00000000-0000-0000-0000-000000000044}",00000000,00000003,00029ba0,00000004,) ret=7fdc36fcfbf1 | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00024a50,) ret=7f9c24de2d43 | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f5c1c1d9f74 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00029b40,) ret=7fdc37225d43 | |
| 0021:Call KERNEL32.CloseHandle(000000e0,) ret=7f9c24decd8a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c6c0 ret=7f1c8278790a | |
| 0027:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcfbf1 | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f2d0 ret=7f5c1c1d9f74 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37225d43 | |
| 0021:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c24decd8a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcfb78 | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000248a0,) ret=7f9c24de23ab | |
| 0028:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,0001f1e8,0001f2e0,00000008,00000000,00000000,) ret=7f5c1c1e2dec | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00029a60,) ret=7fdc37227fa1 | |
| 0028:Ret ntdll.NtReadFile() retval=80000005 ret=7f5c1c1e2dec | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de3f74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c6f0 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfb78 | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37227fa1 | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f5c1c1da006 | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=000248a0 ret=7f9c24de3f74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000004,) ret=7fdc36fcfba0 | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000244f0,) ret=7f9c24df5e13 | |
| 0022:Call ntdll.NtReadFile(00000030,0000003c,00000000,00000000,00025998,0055f030,00000010,00000000,00000000,) ret=7fdc3722fdec | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001ef20 ret=7f5c1c1da006 | |
| 0021:Call ntdll.NtReadFile(000000a0,000000d4,00000000,00000000,00023db8,000248b0,00000008,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c720 ret=7f1c8278790a | |
| 0021:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029a60 ret=7fdc36fcfba0 | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 0022:Ret ntdll.NtReadFile() retval=00000103 ret=7fdc3722fdec | |
| 0028:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,0001f1e8,0001ef20,00000018,00000000,00000000,) ret=7f5c1c1e2dec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0028:Ret ntdll.NtReadFile() retval=00000000 ret=7f5c1c1e2dec | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,00000030,) ret=7f9c24de4006 | |
| 0027:Call advapi32.RegSetValueExW(0000004c,00029a08 L"\\DosDevices\\D:",00000000,00000003,00029a60,00000004,) ret=7fdc36fcfbf1 | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00024a20,) ret=7f9c24df5e13 | |
| 0022:Call KERNEL32.WaitForSingleObject(0000003c,ffffffff,) ret=7fdc3722fe5b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c750 ret=7f1c82787ccc | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f5c1c1ebde6 | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023fc0 ret=7f9c24de4006 | |
| 0027:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcfbf1 | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7f1c8278790a | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f460 ret=7f5c1c1ebde6 | |
| 0021:Call ntdll.NtReadFile(000000a0,000000d4,00000000,00000000,00023db8,00023fc0,00000030,00000000,00000000,) ret=7f9c24decdec | |
| 0027:Call advapi32.RegCreateKeyW(ffffffff80000002,7fdc36fd1520 L"Software\\Wine\\Drives",0077f720,) ret=7fdc36fce4e5 | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000247e0,) ret=7f9c24de23ab | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c790 ret=7f1c8278790a | |
| 0028:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f5c1c1da25e | |
| 0021:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 0027:Ret advapi32.RegCreateKeyW() retval=00000000 ret=7fdc36fce4e5 | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1da25e | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,00000030,) ret=7f9c24df5de6 | |
| 0027:Call advapi32.RegDeleteValueW(000000c0,0077f732 L"d:",) ret=7fdc36fce608 | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00024690,) ret=7f9c24de7804 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c7d0 ret=7f1c8278790a | |
| 0028:Call ntdll.RtlFreeHeap(00010000,00000000,0001ef20,) ret=7f5c1c1da1a4 | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=000244f0 ret=7f9c24df5de6 | |
| 0027:Ret advapi32.RegDeleteValueW() retval=00000002 ret=7fdc36fce608 | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7804 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1da1a4 | |
| 0021:Call ntdll.RtlFreeHeap(00010000,00000000,00023fc0,) ret=7f9c24de41a4 | |
| 0027:Call advapi32.RegCloseKey(000000c0,) ret=7fdc36fce57a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de781b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c800 ret=7f1c8278790a | |
| 0028:Call ntdll.RtlFreeHeap(00010000,00000000,0001f2d0,) ret=7f5c1c1db2bc | |
| 0021:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 0027:Ret advapi32.RegCloseKey() retval=00000000 ret=7fdc36fce57a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de781b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1db2bc | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f9c24de7442 | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00023fc0 ret=7f9c24de7442 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00029570,) ret=7fdc36fce3b2 | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023f40,) ret=7f9c24de783a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c830 ret=7f1c82787ccc | |
| 0028:Call ntdll.RtlFreeHeap(00010000,00000000,0001eed0,) ret=7f5c1c1ebe13 | |
| 0021:Call KERNEL32.QueueUserWorkItem(7f9c24de7730,00023fc0,00000010,) ret=7f9c24de748c | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fce3b2 | |
| 001e:Call rpcrt4.NdrServerInitializeNew(000223f0,0067f640,7f9c2535dc80,) ret=7f9c2514afd8 | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de783a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ebe13 | |
| 0021:Ret KERNEL32.QueueUserWorkItem() retval=00000001 ret=7f9c24de748c | |
| 0027:Call KERNEL32.LoadLibraryA(7fdc371d46c8 "user32.dll",) ret=7fdc36fd0141 | |
| 001e:Ret rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7f9c2514afd8 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c870 ret=7f1c8278790a | |
| 0028:Ret rpcrt4.NdrSendReceive() retval=00000000 ret=7f5c1c47ea43 | |
| 0021:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 001e:Call rpcrt4.NdrServerContextNewUnmarshall(0067f640,7f9c251576a0,) ret=7f9c2514b0b3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0028:Call rpcrt4.NdrClientContextUnmarshall(0033f7d0,0033fbb0,0001f300,) ret=7f5c1c47ea89 | |
| 0021:Ret ntdll.RtlAllocateHeap() retval=00024690 ret=7f9c24de73b1 | |
| 001e:Call ntdll.RtlAcquireResourceExclusive(00024128,00000001,) ret=7f9c24dd8a24 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c8a0 ret=7f1c8278790a | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f5c1c1aee46 | |
| 0021:Call ntdll.NtReadFile(000000a0,000000d4,00000000,00000000,00023db8,0078fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 001e:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd8a24 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001eed0 ret=7f5c1c1aee46 | |
| 0021:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c8d0 ret=7f1c8278790a | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7f5c1c1d2121 | |
| 0021:Call KERNEL32.WaitForSingleObject(000000d4,ffffffff,) ret=7f9c24dece5b | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=000249c0 ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f490 ret=7f5c1c1d2121 | |
| 001e:Ret rpcrt4.NdrServerContextNewUnmarshall() retval=000240f0 ret=7f9c2514b0b3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c900 ret=7f1c82787ccc | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f5c1c1cf498 | |
| 001e:Call rpcrt4.NdrSimpleStructUnmarshall(0067f640,0067f7e0,7f9c251576a4,00000000,) ret=7f9c2514b0d4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f2d0 ret=7f5c1c1cf498 | |
| 001e:Ret rpcrt4.NdrSimpleStructUnmarshall() retval=00000000 ret=7f9c2514b0d4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c940 ret=7f1c8278790a | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7f5c1c1cf498 | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001ef20 ret=7f5c1c1cf498 | |
| 001e:Call KERNEL32.SetEvent(00000044,) ret=7f9c2513df42 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f5c1c1cf498 | |
| 001e:Ret KERNEL32.SetEvent() retval=00000001 ret=7f9c2513df42 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c970 ret=7f1c8278790a | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f520 ret=7f5c1c1cf498 | |
| 001e:Call rpcrt4.I_RpcGetBuffer(000223f0,) ret=7f9c2514b13f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0028:Ret rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f5c1c47ea89 | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c9a0 ret=7f1c8278790a | |
| 0028:Call rpcrt4.NdrFreeBuffer(0033f7d0,) ret=7f5c1c47eaec | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00023f80 ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0028:Call ntdll.RtlFreeHeap(00010000,00000000,0001f460,) ret=7f5c1c1ebe13 | |
| 001e:Ret rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7f9c2514b13f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005c9d0 ret=7f1c82787ccc | |
| 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ebe13 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000249c0,) ret=7f9c24df6f92 | |
| 0027:Call PE DLL (proc=0x7fdc3586ad90,module=0x7fdc357d0000 L"gdi32.dll",reason=PROCESS_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 0028:Ret rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f5c1c47eaec | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f92 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ca10 ret=7f1c8278790a | |
| 0028:Call rpcrt4.NdrClientInitializeNew(0033f690,0033f7d0,7f5c1c6a5c00,00000010,) ret=7f5c1c47e970 | |
| 001e:Call ntdll.RtlReleaseResource(00024128,) ret=7f9c24dd8d4a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0028:Ret rpcrt4.NdrClientInitializeNew() retval=00000000 ret=7f5c1c47e970 | |
| 001e:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ca40 ret=7f1c8278790a | |
| 0028:Call rpcrt4.NDRCContextBinding(0001cb40,) ret=7f5c1c47e981 | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f9c24de1e37 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0028:Ret rpcrt4.NDRCContextBinding() retval=0001f300 ret=7f5c1c47e981 | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=000249c0 ret=7f9c24de1e37 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ca70 ret=7f1c8278790a | |
| 0028:Call rpcrt4.NdrConformantStringBufferSize(0033f7d0,0001ee90,7f5c1c490f82,) ret=7f5c1c47e9a6 | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,0000001c,) ret=7f9c24de2cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0028:Ret rpcrt4.NdrConformantStringBufferSize() retval=0000003e ret=7f5c1c47e9a6 | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00024540 ret=7f9c24de2cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005caa0 ret=7f1c82787ccc | |
| 0028:Call rpcrt4.NdrGetBuffer(0033f7d0,0000003e,0001f300,) ret=7f5c1c47e9bd | |
| 001e:Call ntdll.NtWriteFile(000000a0,000000e0,00000000,00000000,0067f7b0,00024540,0000001c,00000000,00000000,) ret=7f9c24decc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000013,) ret=7f1c8278790a | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003e,) ret=7f5c1c1ebde6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cae0 ret=7f1c8278790a | |
| 001e:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 0022:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7fdc3722fe5b | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f550 ret=7f5c1c1ebde6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00024540,) ret=7f9c24de2d43 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7fdc37226f74 | |
| 0028:Ret rpcrt4.NdrGetBuffer() retval=0001f550 ret=7f5c1c47e9bd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cb10 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=0002ed60 ret=7fdc37226f74 | |
| 0028:Call rpcrt4.NdrClientContextMarshall(0033f7d0,0001cb40,00000000,) ret=7f5c1c47e9cb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000249c0,) ret=7f9c24de23ab | |
| 0022:Call ntdll.NtReadFile(00000030,0000003c,00000000,00000000,00025998,0002ed70,00000008,00000000,00000000,) ret=7fdc3722fdec | |
| 0028:Ret rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f5c1c47e9cb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cb40 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 0022:Ret ntdll.NtReadFile() retval=80000005 ret=7fdc3722fdec | |
| 0028:Call rpcrt4.NdrConformantStringMarshall(0033f7d0,0001ee90,7f5c1c490f82,) ret=7f5c1c47e9dd | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000244f0,) ret=7f9c24df5e13 | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7fdc37227006 | |
| 0028:Ret rpcrt4.NdrConformantStringMarshall() retval=00000000 ret=7f5c1c47e9dd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cb70 ret=7f1c82787ccc | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=00029b40 ret=7fdc37227006 | |
| 0028:Call rpcrt4.NdrSendReceive(0033f7d0,0001f588,) ret=7f5c1c47ea43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023f80,) ret=7f9c24df5e13 | |
| 0022:Call ntdll.NtReadFile(00000030,0000003c,00000000,00000000,00025998,00029b40,00000004,00000000,00000000,) ret=7fdc3722fdec | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f5c1c1daefe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cbb0 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 0022:Ret ntdll.NtReadFile() retval=00000000 ret=7fdc3722fdec | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f460 ret=7f5c1c1daefe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000248a0,) ret=7f9c24de23ab | |
| 0022:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7fdc37238de6 | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f5c1c1d8cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cbe0 ret=7f1c8278790a | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 0022:Ret ntdll.RtlAllocateHeap() retval=0002ed90 ret=7fdc37238de6 | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f5a0 ret=7f5c1c1d8cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cc10 ret=7f1c8278790a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000223f0,) ret=7f9c24de7804 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc3722725e | |
| 0028:Call ntdll.NtWriteFile(00000004,00000010,00000000,00000000,0033f1b0,0001f5a0,00000050,00000000,00000000,) ret=7f5c1c1e2c6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7804 | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3722725e | |
| 0028:Ret ntdll.NtWriteFile() retval=00000000 ret=7f5c1c1e2c6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cc40 ret=7f1c82787ccc | |
| 0026:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c24dece5b | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de781b | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00029b40,) ret=7fdc372271a4 | |
| 0028:Call ntdll.RtlFreeHeap(00010000,00000000,0001f5a0,) ret=7f5c1c1d8d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 0026:Call KERNEL32.CloseHandle(0000010c,) ret=7f9c24decd8a | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de781b | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372271a4 | |
| 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d8d43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cc80 ret=7f1c8278790a | |
| 0026:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c24decd8a | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023fc0,) ret=7f9c24de783a | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,0002ed60,) ret=7fdc372282bc | |
| 0028:Call ntdll.RtlFreeHeap(00010000,00000000,0001f460,) ret=7f5c1c1dafa1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de3f74 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de783a | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc372282bc | |
| 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1dafa1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ccb0 ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=000248a0 ret=7f9c24de3f74 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,00029970,) ret=7fdc37238e13 | |
| 0028:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,0001f1e8,0033f1f0,00000010,00000000,00000000,) ret=7f5c1c1e2dec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,000248b0,00000008,00000000,00000000,) ret=7f9c24decdec | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 0028:Ret ntdll.NtReadFile() retval=00000103 ret=7f5c1c1e2dec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cce0 ret=7f1c8278790a | |
| 0026:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 0022:Ret rpcrt4.NdrSendReceive() retval=00000000 ret=7fdc3771d80e | |
| 0028:Call KERNEL32.WaitForSingleObject(00000010,ffffffff,) ret=7f5c1c1e2e5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f9c24de4006 | |
| 0022:Call rpcrt4.NdrFreeBuffer(0055f610,) ret=7fdc3771d8a7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cd10 ret=7f1c82787ccc | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=000223f0 ret=7f9c24de4006 | |
| 0022:Call ntdll.RtlFreeHeap(00010000,00000000,0002ed90,) ret=7fdc37238e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,000223f0,00000038,00000000,00000000,) ret=7f9c24decdec | |
| 0022:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc37238e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cd50 ret=7f1c8278790a | |
| 0026:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 0022:Ret rpcrt4.NdrFreeBuffer() retval=00000000 ret=7fdc3771d8a7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f9c24df5de6 | |
| 0022:Ret advapi32.SetServiceStatus() retval=00000001 ret=7fdc37a61a4c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cd80 ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00023f80 ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0026:Call ntdll.RtlFreeHeap(00010000,00000000,000223f0,) ret=7f9c24de41a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cdb0 ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f9c24de7442 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cde0 ret=7f1c82787ccc | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=000223f0 ret=7f9c24de7442 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 0026:Call KERNEL32.QueueUserWorkItem(7f9c24de7730,000223f0,00000010,) ret=7f9c24de748c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ce20 ret=7f1c8278790a | |
| 0026:Ret KERNEL32.QueueUserWorkItem() retval=00000001 ret=7f9c24de748c | |
| 001d:Call rpcrt4.NdrServerInitializeNew(00024840,0056f630,7f9c2535dc80,) ret=7f9c2514e988 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 001d:Ret rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7f9c2514e988 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ce50 ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=000245d0 ret=7f9c24de73b1 | |
| 001d:Call rpcrt4.NdrServerContextNewUnmarshall(0056f630,7f9c2515777c,) ret=7f9c2514ea6f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,0089fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 001d:Call ntdll.RtlAcquireResourceExclusive(00024728,00000001,) ret=7f9c24dd8a24 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ce80 ret=7f1c8278790a | |
| 0026:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 001d:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd8a24 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0026:Call KERNEL32.WaitForSingleObject(000000f4,ffffffff,) ret=7f9c24dece5b | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ceb0 ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=000249c0 ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000037,) ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrServerContextNewUnmarshall() retval=000246f0 ret=7f9c2514ea6f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cef0 ret=7f1c8278790a | |
| 001d:Call rpcrt4.NdrConformantStringUnmarshall(0056f630,0056f7d0,7f9c25157782,00000000,) ret=7f9c2514ea90 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrConformantStringUnmarshall() retval=00000000 ret=7f9c2514ea90 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cf40 ret=7f1c8278790a | |
| 001d:Call rpcrt4.NdrContextHandleInitialize(0056f630,7f9c25157784,) ret=7f9c2514eaf8 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,000000a0,) ret=7f9c24dd88b0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cf70 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00024a60 ret=7f9c24dd88b0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlInitializeResource(00024a98,) ret=7f9c24dd88d5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cfa0 ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlInitializeResource() retval=00000000 ret=7f9c24dd88d5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAcquireResourceExclusive(00024a98,00000001,) ret=7f9c24dd88f0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005cfe0 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd88f0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d010 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00024b50 ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrContextHandleInitialize() retval=00024a60 ret=7f9c2514eaf8 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d040 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c2513bebc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00024b80 ret=7f9c2513bebc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d070 ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlMapGenericMask(00024b84,7f9c25156850,) ret=7f9c2513bef5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlMapGenericMask() retval=0002008f ret=7f9c2513bef5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d0b0 ret=7f1c8278790a | |
| 001d:Call rpcrt4.I_RpcGetBuffer(00024840,) ret=7f9c2514eb4b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d0e0 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00024bb0 ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Ret rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7f9c2514eb4b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d110 ret=7f1c8278790a | |
| 001d:Call rpcrt4.NdrServerContextNewMarshall(0056f630,00024a60,7f9c25142690,7f9c25157784,) ret=7f9c2514eb82 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call advapi32.SystemFunction036(00024a88,00000010,) ret=7f9c24df4adb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d140 ret=7f1c82787ccc | |
| 001d:Ret advapi32.SystemFunction036() retval=00000001 ret=7f9c24df4adb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002a,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00024b50,) ret=7f9c24df6f0b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d180 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f0b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlReleaseResource(00024a98,) ret=7f9c24dd8d4a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d1c0 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001d:Ret rpcrt4.NdrServerContextNewMarshall() retval=00000001 ret=7f9c2514eb82 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d1f0 ret=7f1c8278790a | |
| 001d:Call rpcrt4.NdrPointerFree(0056f630,00023fa0,7f9c25157780,) ret=7f9c2514ec06 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Ret rpcrt4.NdrPointerFree() retval=00000000 ret=7f9c2514ec06 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d220 ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000249c0,) ret=7f9c24df6f92 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f92 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d260 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlReleaseResource(00024728,) ret=7f9c24dd8d4a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d290 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f9c24de1e37 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=000249c0 ret=7f9c24de1e37 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d2c0 ret=7f1c8278790a | |
| 001d:Call ntdll.RtlAllocateHeap(00010000,00000008,00000030,) ret=7f9c24de2cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlAllocateHeap() retval=00024be0 ret=7f9c24de2cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d2f0 ret=7f1c82787ccc | |
| 001d:Call ntdll.NtWriteFile(000000d0,00000114,00000000,00000000,0056f7b0,00024be0,00000030,00000000,00000000,) ret=7f9c24decc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001f,) ret=7f1c8278790a | |
| 001d:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d330 ret=7f1c8278790a | |
| 0028:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f5c1c1e2e5b | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00024be0,) ret=7f9c24de2d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d360 ret=7f1c8278790a | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f5c1c1d9f74 | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d390 ret=7f1c8278790a | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f460 ret=7f5c1c1d9f74 | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000249c0,) ret=7f9c24de23ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d3c0 ret=7f1c82787ccc | |
| 0028:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,0001f1e8,0001f470,00000008,00000000,00000000,) ret=7f5c1c1e2dec | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 0028:Ret ntdll.NtReadFile() retval=80000005 ret=7f5c1c1e2dec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000023,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00023f80,) ret=7f9c24df5e13 | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f5c1c1da006 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d400 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f5a0 ret=7f5c1c1da006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00024bb0,) ret=7f9c24df5e13 | |
| 0028:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,0001f1e8,0001f5a0,00000018,00000000,00000000,) ret=7f5c1c1e2dec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d440 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 0028:Ret ntdll.NtReadFile() retval=00000000 ret=7f5c1c1e2dec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000248a0,) ret=7f9c24de23ab | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f5c1c1ebde6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d470 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f5d0 ret=7f5c1c1ebde6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00024840,) ret=7f9c24de7804 | |
| 0028:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f5c1c1da25e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d4a0 ret=7f1c82787ccc | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7804 | |
| 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1da25e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de781b | |
| 0028:Call ntdll.RtlFreeHeap(00010000,00000000,0001f5a0,) ret=7f5c1c1da1a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d4e0 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de781b | |
| 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1da1a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 001d:Call ntdll.RtlFreeHeap(00010000,00000000,000223f0,) ret=7f9c24de783a | |
| 0028:Call ntdll.RtlFreeHeap(00010000,00000000,0001f460,) ret=7f5c1c1db2bc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d510 ret=7f1c8278790a | |
| 001d:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de783a | |
| 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1db2bc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d540 ret=7f1c8278790a | |
| 0028:Call ntdll.RtlFreeHeap(00010000,00000000,0001f550,) ret=7f5c1c1ebe13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d570 ret=7f1c82787ccc | |
| 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ebe13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000011,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d5b0 ret=7f1c8278790a | |
| 0028:Ret rpcrt4.NdrSendReceive() retval=00000000 ret=7f5c1c47ea43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d5e0 ret=7f1c8278790a | |
| 0028:Call rpcrt4.NdrClientContextUnmarshall(0033f7d0,0033fbb0,0001f300,) ret=7f5c1c47ea89 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d610 ret=7f1c8278790a | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f5c1c1aee46 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f550 ret=7f5c1c1aee46 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d640 ret=7f1c82787ccc | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7f5c1c1d2121 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d680 ret=7f1c8278790a | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f600 ret=7f5c1c1d2121 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d6b0 ret=7f1c8278790a | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f5c1c1cf498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d6e0 ret=7f1c8278790a | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f460 ret=7f5c1c1cf498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7f5c1c1cf498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d710 ret=7f1c82787ccc | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f690 ret=7f5c1c1cf498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d750 ret=7f1c8278790a | |
| 0028:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f5c1c1cf498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d780 ret=7f1c8278790a | |
| 0028:Ret ntdll.RtlAllocateHeap() retval=0001f6c0 ret=7f5c1c1cf498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0028:Ret rpcrt4.NdrClientContextUnmarshall() retval=00000000 ret=7f5c1c47ea89 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d7b0 ret=7f1c8278790a | |
| 0028:Call rpcrt4.NdrFreeBuffer(0033f7d0,) ret=7f5c1c47eaec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d7e0 ret=7f1c82787ccc | |
| 0028:Call ntdll.RtlFreeHeap(00010000,00000000,0001f5d0,) ret=7f5c1c1ebe13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000021,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d820 ret=7f1c8278790a | |
| 0028:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ebe13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d860 ret=7f1c8278790a | |
| 0028:Ret rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f5c1c47eaec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d890 ret=7f1c8278790a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d8c0 ret=7f1c82787ccc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002b,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d900 ret=7f1c8278790a | |
| 0029:Call PE DLL (proc=0x7f5c1c1eec70,module=0x7f5c1c1a0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 000f:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c2513ed22 | |
| 0029:Ret PE DLL (proc=0x7f5c1c1eec70,module=0x7f5c1c1a0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d940 ret=7f1c8278790a | |
| 000f:Call KERNEL32.GetOverlappedResult(000000ec,0023fab0,0023faac,00000000,) ret=7f9c2513eca3 | |
| 0029:Starting thread proc 0x7f5c1c470f20 (arg=0x1ca10) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f1c8278790a | |
| 000f:Ret KERNEL32.GetOverlappedResult() retval=00000001 ret=7f9c2513eca3 | |
| 0029:Call advapi32.RegisterServiceCtrlHandlerExW(7f5c1c9c0290 L"PlugPlay",7f5c1c7bea50,00000000,) ret=7f5c1c7be91e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d970 ret=7f1c8278790a | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00023820,) ret=7f9c2513eae3 | |
| 0029:Ret advapi32.RegisterServiceCtrlHandlerExW() retval=0001eed0 ret=7f5c1c7be91e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c2513eae3 | |
| 0029:Call advapi32.SetServiceStatus(0001eed0,0044fbc0,) ret=7f5c1c7be963 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d9a0 ret=7f1c82787ccc | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,000241e0,) ret=7f9c25144bbf | |
| 0029:Call rpcrt4.NdrClientInitializeNew(0044f580,0044f6c0,7f5c1c6a5c00,00000007,) ret=7f5c1c47c7aa | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25144bbf | |
| 0029:Ret rpcrt4.NdrClientInitializeNew() retval=00000000 ret=7f5c1c47c7aa | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005d9e0 ret=7f1c8278790a | |
| 000f:Call KERNEL32.WaitForMultipleObjects(00000002,0023fb70,00000000,00002710,) ret=7f9c25144c81 | |
| 0029:Call rpcrt4.NDRCContextBinding(0001eed0,) ret=7f5c1c47c7bb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0029:Ret rpcrt4.NDRCContextBinding() retval=0001f490 ret=7f5c1c47c7bb | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005da10 ret=7f1c8278790a | |
| 0029:Call rpcrt4.NdrGetBuffer(0044f6c0,00000038,0001f490,) ret=7f5c1c47c7de | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0029:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7f5c1c1ebde6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005da40 ret=7f1c8278790a | |
| 0029:Ret ntdll.RtlAllocateHeap() retval=0001f720 ret=7f5c1c1ebde6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0029:Ret rpcrt4.NdrGetBuffer() retval=0001f720 ret=7f5c1c47c7de | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005da70 ret=7f1c82787ccc | |
| 0029:Call rpcrt4.NdrClientContextMarshall(0044f6c0,0001eed0,00000000,) ret=7f5c1c47c7ec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000021,) ret=7f1c8278790a | |
| 0029:Ret rpcrt4.NdrClientContextMarshall() retval=00000000 ret=7f5c1c47c7ec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005dab0 ret=7f1c8278790a | |
| 0029:Call rpcrt4.NdrSimpleStructMarshall(0044f6c0,0044fbc0,7f5c1c490ea4,) ret=7f5c1c47c7fe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0029:Ret rpcrt4.NdrSimpleStructMarshall() retval=00000000 ret=7f5c1c47c7fe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005daf0 ret=7f1c8278790a | |
| 0029:Call rpcrt4.NdrSendReceive(0044f6c0,0001f750,) ret=7f5c1c47c80e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0029:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f5c1c1daefe | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005db20 ret=7f1c8278790a | |
| 0029:Ret ntdll.RtlAllocateHeap() retval=0001f770 ret=7f5c1c1daefe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0029:Call ntdll.RtlAllocateHeap(00010000,00000008,00000058,) ret=7f5c1c1ea082 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005db50 ret=7f1c82787ccc | |
| 0029:Ret ntdll.RtlAllocateHeap() retval=0001f7a0 ret=7f5c1c1ea082 | |
| 0027:Ret PE DLL (proc=0x7fdc3586ad90,module=0x7fdc357d0000 L"gdi32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 0029:Call KERNEL32.InitializeCriticalSection(0001f7b0,) ret=7f5c1c1ea09b | |
| 0027:Call PE DLL (proc=0x7fdc355ad9e0,module=0x7fdc355a0000 L"version.dll",reason=PROCESS_ATTACH,res=(nil)) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005db90 ret=7f1c8278790a | |
| 0029:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f5c1c1ea09b | |
| 0027:Call KERNEL32.DisableThreadLibraryCalls(7fdc355a0000,) ret=7fdc355adb31 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0029:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7f5c1c1d8cf1 | |
| 0027:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7fdc355adb31 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005dbc0 ret=7f1c8278790a | |
| 0029:Ret ntdll.RtlAllocateHeap() retval=0001f850 ret=7f5c1c1d8cf1 | |
| 0027:Ret PE DLL (proc=0x7fdc355ad9e0,module=0x7fdc355a0000 L"version.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0029:Call ntdll.NtWriteFile(00000004,00000010,00000000,00000000,0044f0a0,0001f850,00000048,00000000,00000000,) ret=7f5c1c1e2c6c | |
| 0027:Call PE DLL (proc=0x7fdc35c04370,module=0x7fdc35b50000 L"user32.dll",reason=PROCESS_ATTACH,res=(nil)) | |
| 0029:Ret ntdll.NtWriteFile() retval=00000000 ret=7f5c1c1e2c6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005dbf0 ret=7f1c8278790a | |
| 0026:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c24dece5b | |
| 0029:Call ntdll.RtlFreeHeap(00010000,00000000,0001f850,) ret=7f5c1c1d8d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0026:Call KERNEL32.CloseHandle(00000114,) ret=7f9c24decd8a | |
| 0029:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1d8d43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005dc20 ret=7f1c82787ccc | |
| 0026:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c24decd8a | |
| 0029:Call ntdll.RtlFreeHeap(00010000,00000000,0001f770,) ret=7f5c1c1dafa1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de3f74 | |
| 0029:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1dafa1 | |
| 0027:Call PE DLL (proc=0x7fdc34815ea0,module=0x7fdc34800000 L"imm32.dll",reason=PROCESS_ATTACH,res=(nil)) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005dc60 ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=000241e0 ret=7f9c24de3f74 | |
| 0029:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,0001f1e8,0044f0e0,00000010,00000000,00000000,) ret=7f5c1c1e2dec | |
| 0027:Call user32.User32InitializeImmEntryTable(19650412,) ret=7fdc34813816 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,000241f0,00000008,00000000,00000000,) ret=7f9c24decdec | |
| 0029:Ret ntdll.NtReadFile() retval=00000103 ret=7f5c1c1e2dec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005dc90 ret=7f1c8278790a | |
| 0027:Ret user32.User32InitializeImmEntryTable() retval=00000001 ret=7fdc34813816 | |
| 0026:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 0029:Call KERNEL32.WaitForSingleObject(00000010,ffffffff,) ret=7f5c1c1e2e5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Ret PE DLL (proc=0x7fdc34815ea0,module=0x7fdc34800000 L"imm32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000030,) ret=7f9c24de4006 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005dcc0 ret=7f1c8278790a | |
| 0027:Ret PE DLL (proc=0x7fdc35c04370,module=0x7fdc35b50000 L"user32.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00023780 ret=7f9c24de4006 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Ret KERNEL32.LoadLibraryA() retval=7fdc35b50000 ret=7fdc36fd0141 | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,00023780,00000030,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005dcf0 ret=7f1c82787ccc | |
| 0027:Call KERNEL32.GetProcAddress(7fdc35b50000,7fdc371d46d3 "BroadcastSystemMessageW",) ret=7fdc36fd011e | |
| 0026:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0027:Ret KERNEL32.GetProcAddress() retval=7fdc35b588c8 ret=7fdc36fd011e | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000030,) ret=7f9c24df5de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005dd30 ret=7f1c8278790a | |
| 0027:Call user32.BroadcastSystemMessageW(00000021,00000000,00000219,00008000,0077f6b0,) ret=7fdc36fcce51 | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00024a20 ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0026:Call ntdll.RtlFreeHeap(00010000,00000000,00023780,) ret=7f9c24de41a4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005dd60 ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f9c24de7442 | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005dd90 ret=7f1c8278790a | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00023780 ret=7f9c24de7442 | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 0026:Call KERNEL32.QueueUserWorkItem(7f9c24de7730,00023780,00000010,) ret=7f9c24de748c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ddc0 ret=7f1c82787ccc | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 0026:Ret KERNEL32.QueueUserWorkItem() retval=00000001 ret=7f9c24de748c | |
| 001e:Call rpcrt4.NdrServerInitializeNew(000245d0,0067f640,7f9c2535dc80,) ret=7f9c2514afd8 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001f,) ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 0026:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 001e:Ret rpcrt4.NdrServerInitializeNew() retval=00000000 ret=7f9c2514afd8 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005de00 ret=7f1c8278790a | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 0026:Ret ntdll.RtlAllocateHeap() retval=00023820 ret=7f9c24de73b1 | |
| 001e:Call rpcrt4.NdrServerContextNewUnmarshall(0067f640,7f9c251576a0,) ret=7f9c2514b0b3 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 0026:Call ntdll.NtReadFile(000000d0,000000f4,00000000,00000000,00024338,0089fba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 001e:Call ntdll.RtlAcquireResourceExclusive(00024908,00000001,) ret=7f9c24dd8a24 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005de30 ret=7f1c8278790a | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 0026:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 001e:Ret ntdll.RtlAcquireResourceExclusive() retval=00000001 ret=7f9c24dd8a24 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 0026:Call KERNEL32.WaitForSingleObject(000000f4,ffffffff,) ret=7f9c24dece5b | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24df6e5c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005de60 ret=7f1c8278790a | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=000249c0 ret=7f9c24df6e5c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 001e:Ret rpcrt4.NdrServerContextNewUnmarshall() retval=000248d0 ret=7f9c2514b0b3 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005de90 ret=7f1c82787ccc | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 001e:Call rpcrt4.NdrSimpleStructUnmarshall(0067f640,0067f7e0,7f9c251576a4,00000000,) ret=7f9c2514b0d4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 001e:Ret rpcrt4.NdrSimpleStructUnmarshall() retval=00000000 ret=7f9c2514b0d4 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ded0 ret=7f1c8278790a | |
| 0011:Ret window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 001e:Call KERNEL32.SetEvent(0000004c,) ret=7f9c2513df42 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 000f:Ret KERNEL32.WaitForMultipleObjects() retval=00000000 ret=7f9c25144c81 | |
| 001e:Ret KERNEL32.SetEvent() retval=00000001 ret=7f9c2513df42 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005df00 ret=7f1c8278790a | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 001e:Call rpcrt4.I_RpcGetBuffer(000245d0,) ret=7f9c2514b13f | |
| 000f:Call KERNEL32.ReleaseMutex(000000e4,) ret=7f9c25144c15 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f9c24df5de6 | |
| 000f:Ret KERNEL32.ReleaseMutex() retval=00000001 ret=7f9c25144c15 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005df30 ret=7f1c8278790a | |
| 0011:Call user32.DefWindowProcW(00010030,00000219,00008000,0004de50,) ret=7fc24c4e3694 | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00024b50 ret=7f9c24df5de6 | |
| 000f:Call KERNEL32.ExpandEnvironmentStringsW(00021760 L"C:\\windows\\system32\\drivers\\winebus.sys",00000000,00000000,) ret=7f9c25143c61 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4e3694 | |
| 001e:Ret rpcrt4.I_RpcGetBuffer() retval=00000000 ret=7f9c2514b13f | |
| 000f:Ret KERNEL32.ExpandEnvironmentStringsW() retval=00000028 ret=7f9c25143c61 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005df60 ret=7f1c82787ccc | |
| 0011:Ret window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000249c0,) ret=7f9c24df6f92 | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000050,) ret=7f9c25143c7e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df6f92 | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00023f80 ret=7f9c25143c7e | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005dfa0 ret=7f1c8278790a | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 001e:Call ntdll.RtlReleaseResource(00024908,) ret=7f9c24dd8d4a | |
| 000f:Call KERNEL32.ExpandEnvironmentStringsW(00021760 L"C:\\windows\\system32\\drivers\\winebus.sys",00023f80,00000028,) ret=7f9c25143ca1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 001e:Ret ntdll.RtlReleaseResource() retval=00000000 ret=7f9c24dd8d4a | |
| 000f:Ret KERNEL32.ExpandEnvironmentStringsW() retval=00000028 ret=7f9c25143ca1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005dfd0 ret=7f1c8278790a | |
| 0011:Ret window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f9c24de1e37 | |
| 000f:Call KERNEL32.GetBinaryTypeW(00023f80 L"C:\\windows\\system32\\drivers\\winebus.sys",0023f870,) ret=7f9c251440f4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=000249c0 ret=7f9c24de1e37 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e000 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.GetBinaryTypeW() retval=00000001 ret=7f9c251440f4 | |
| 0027:Ret user32.BroadcastSystemMessageW() retval=00000001 ret=7fdc36fcce51 | |
| 001e:Call ntdll.RtlAllocateHeap(00010000,00000008,0000001c,) ret=7f9c24de2cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call KERNEL32.GetSystemDirectoryW(0023f8e0,00000104,) ret=7f9c2514426e | |
| 001e:Ret ntdll.RtlAllocateHeap() retval=00024840 ret=7f9c24de2cf1 | |
| 0027:Call KERNEL32.MultiByteToWideChar(0000fdf2,00000000,7fdc2c01a44c "8c35a78b-7225-46e9-b4ab-c4a6a483707b",00000024,0077f6f2,00000024,) ret=7fdc36fca656 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e030 ret=7f1c82787ccc | |
| 000f:Ret KERNEL32.GetSystemDirectoryW() retval=00000013 ret=7f9c2514426e | |
| 001e:Call ntdll.NtWriteFile(000000d0,00000114,00000000,00000000,0067f7b0,00024840,0000001c,00000000,00000000,) ret=7f9c24decc6c | |
| 0027:Ret KERNEL32.MultiByteToWideChar() retval=00000024 ret=7fdc36fca656 | |
| 001e:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00023f80,) ret=7f9c25144285 | |
| 0027:Call ntdll.RtlInitUnicodeString(0077f6e0,0077f6f0 L"{8c35a78b-7225-46e9-b4ab-c4a6a483707b}",) ret=7fdc36fca694 | |
| 0029:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f5c1c1e2e5b | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00024840,) ret=7f9c24de2d43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e070 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25144285 | |
| 0027:Ret ntdll.RtlInitUnicodeString() retval=0000004c ret=7fdc36fca694 | |
| 0029:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f5c1c1d9f74 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000046,) ret=7f9c251442cf | |
| 0027:Call ntdll.RtlGUIDFromString(0077f6e0,0077fb50,) ret=7fdc36fca69f | |
| 0029:Ret ntdll.RtlAllocateHeap() retval=0001f770 ret=7f5c1c1d9f74 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000249c0,) ret=7f9c24de23ab | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e0a0 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00023f80 ret=7f9c251442cf | |
| 0027:Ret ntdll.RtlGUIDFromString() retval=00000000 ret=7fdc36fca69f | |
| 0029:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,0001f1e8,0001f780,00000008,00000000,00000000,) ret=7f5c1c1e2dec | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,000000d8,) ret=7f9c25142903 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7fdc36fcc35a | |
| 0029:Ret ntdll.NtReadFile() retval=80000005 ret=7f5c1c1e2dec | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00024a20,) ret=7f9c24df5e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e0d0 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00024cc0 ret=7f9c25142903 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029bd0 ret=7fdc36fcc35a | |
| 0029:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f5c1c1da006 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c25144e48 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca0c | |
| 0029:Ret ntdll.RtlAllocateHeap() retval=0001f850 ret=7f5c1c1da006 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00024b50,) ret=7f9c24df5e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e100 ret=7f1c82787ccc | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000249c0 ret=7f9c25144e48 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca0c | |
| 0029:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,0001f1e8,0001f850,00000004,00000000,00000000,) ret=7f5c1c1e2dec | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000046,) ret=7f9c25144e48 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00027f40,) ret=7fdc36fcca29 | |
| 0029:Ret ntdll.NtReadFile() retval=00000000 ret=7f5c1c1e2dec | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000241e0,) ret=7f9c24de23ab | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e140 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00024840 ret=7f9c25144e48 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca29 | |
| 0029:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f5c1c1ebde6 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c25144e48 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7fdc36fcc35a | |
| 0029:Ret ntdll.RtlAllocateHeap() retval=0001f880 ret=7f5c1c1ebde6 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,000245d0,) ret=7f9c24de7804 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e170 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000241e0 ret=7f9c25144e48 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00027f40 ret=7fdc36fcc35a | |
| 0029:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f5c1c1da25e | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7804 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c25144e48 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000002,) ret=7fdc36fcc35a | |
| 0029:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1da25e | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de781b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e1a0 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00024b50 ret=7f9c25144e48 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029c10 ret=7fdc36fcc35a | |
| 0029:Call ntdll.RtlFreeHeap(00010000,00000000,0001f850,) ret=7f5c1c1da1a4 | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de781b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25144e48 | |
| 0027:Call advapi32.RegDeleteValueW(0000004c,00027fb8 L"\\??\\Volume{00000000-0000-0000-0000-00000000005a}",) ret=7fdc36fcfd78 | |
| 0029:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1da1a4 | |
| 001e:Call ntdll.RtlFreeHeap(00010000,00000000,00023780,) ret=7f9c24de783a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e1d0 ret=7f1c82787ccc | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00024a20 ret=7f9c25144e48 | |
| 0027:Ret advapi32.RegDeleteValueW() retval=00000000 ret=7fdc36fcfd78 | |
| 0029:Call ntdll.RtlFreeHeap(00010000,00000000,0001f770,) ret=7f5c1c1db2bc | |
| 001e:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de783a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00023f80,) ret=7f9c251447ea | |
| 0027:Call ntoskrnl.exe.IoDeleteSymbolicLink(00027f98,) ret=7fdc36fcfd81 | |
| 0029:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1db2bc | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e210 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c251447ea | |
| 0027:Call ntdll.NtOpenSymbolicLinkObject(0077f468,00000000,0077f470,) ret=7fdc37490229 | |
| 0029:Call ntdll.RtlFreeHeap(00010000,00000000,0001f720,) ret=7f5c1c1ebe13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001a,) ret=7f9c25144e48 | |
| 0027:Ret ntdll.NtOpenSymbolicLinkObject() retval=00000000 ret=7fdc37490229 | |
| 0029:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ebe13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e240 ret=7f1c8278790a | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=000247e0 ret=7f9c25144e48 | |
| 0027:Call ntdll.NtClose(000000e0,) ret=7fdc37490290 | |
| 0029:Ret rpcrt4.NdrSendReceive() retval=00000000 ret=7f5c1c47c80e | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.ExpandEnvironmentStringsW(00024840 L"C:\\windows\\system32\\winedevice.exe",00000000,00000000,) ret=7f9c25143c61 | |
| 0027:Ret ntdll.NtClose() retval=00000000 ret=7fdc37490290 | |
| 0029:Call rpcrt4.NdrFreeBuffer(0044f6c0,) ret=7f5c1c47c8a7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e270 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.ExpandEnvironmentStringsW() retval=00000023 ret=7f9c25143c61 | |
| 0027:Ret ntoskrnl.exe.IoDeleteSymbolicLink() retval=00000000 ret=7fdc36fcfd81 | |
| 0029:Call ntdll.RtlFreeHeap(00010000,00000000,0001f880,) ret=7f5c1c1ebe13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000000,00000046,) ret=7f9c25143c7e | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00028110,) ret=7fdc36fcfd99 | |
| 0029:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f5c1c1ebe13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e2a0 ret=7f1c82787ccc | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00023f80 ret=7f9c25143c7e | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfd99 | |
| 0029:Ret rpcrt4.NdrFreeBuffer() retval=00000000 ret=7f5c1c47c8a7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.ExpandEnvironmentStringsW(00024840 L"C:\\windows\\system32\\winedevice.exe",00023f80,00000023,) ret=7f9c25143ca1 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00027f70,) ret=7fdc36fcfdb0 | |
| 0029:Ret advapi32.SetServiceStatus() retval=00000001 ret=7f5c1c7be963 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e2e0 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.ExpandEnvironmentStringsW() retval=00000023 ret=7f9c25143ca1 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfdb0 | |
| 0029:Call KERNEL32.WaitForSingleObject(00000034,ffffffff,) ret=7f5c1c7be974 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call advapi32.RegQueryValueExW(00000024,00000000,00000000,0023f4c0,0023f4a0,0023f498,) ret=7f9c25143d05 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,000000da,) ret=7fdc36fcef89 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e310 ret=7f1c8278790a | |
| 000f:Ret advapi32.RegQueryValueExW() retval=00000000 ret=7f9c25143d05 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00027f70 ret=7fdc36fcef89 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call advapi32.RegSetValueExW(00000024,00000000,00000000,00000004,7f9c2535f230,00000004,) ret=7f9c25143d3d | |
| 0027:Call ntdll.RtlInitUnicodeString(00027f98,00027fb8 L"\\??\\Volume{8c35a78b-7225-46e9-b4ab-c4a6a483707b}",) ret=7fdc36fcefc7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e340 ret=7f1c8278790a | |
| 000f:Ret advapi32.RegSetValueExW() retval=00000000 ret=7f9c25143d3d | |
| 0027:Ret ntdll.RtlInitUnicodeString() retval=00000060 ret=7fdc36fcefc7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7f9c25143d84 | |
| 0027:Call ntoskrnl.exe.IoCreateSymbolicLink(00027f98,00027ee8,) ret=7fdc36fcf077 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e370 ret=7f1c82787ccc | |
| 000f:Ret ntdll.RtlAllocateHeap() retval=00024bb0 ret=7f9c25143d84 | |
| 0027:Call ntdll.NtCreateSymbolicLinkObject(0077f3c8,000f0001,0077f3d0,00027ee8,) ret=7fdc37490117 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.CreateMutexW(00000000,00000001,00000000,) ret=7f9c25143dae | |
| 0027:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e3b0 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CreateMutexW() retval=0000011c ret=7f9c25143dae | |
| 0027:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcf077 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.CreateNamedPipeW(7f9c2535f1e0 L"\\\\.\\pipe\\net\\NtControlPipe4",40000003,00000000,00000001,00000100,00000100,00002710,00000000,) ret=7f9c25143e15 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcfb78 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e3e0 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.CreateNamedPipeW() retval=00000124 ret=7f9c25143e15 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfb78 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000f:Call KERNEL32.ResetEvent(00000118,) ret=7f9c25143e85 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000004,) ret=7fdc36fcfba0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e410 ret=7f1c8278790a | |
| 000f:Ret KERNEL32.ResetEvent() retval=00000001 ret=7f9c25143e85 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00028110 ret=7fdc36fcfba0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 000f:Call KERNEL32.CreateProcessW(00000000,00023f80 L"C:\\windows\\system32\\winedevice.exe",00000000,00000000,00000000,00000400,00350000,00000000,0023f4c0,0023f4a0,) ret=7f9c25143f02 | |
| 0027:Call advapi32.RegSetValueExW(0000004c,00027fb8 L"\\??\\Volume{8c35a78b-7225-46e9-b4ab-c4a6a483707b}",00000000,00000003,00028110,00000004,) ret=7fdc36fcfbf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e440 ret=7f1c82787ccc | |
| 0027:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcfbf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 0027:Call KERNEL32.MultiByteToWideChar(0000fdf2,00000000,7fdc2c01abe4 "1497f815-889d-469e-b83f-8348fc672961",00000024,0077f6f2,00000024,) ret=7fdc36fca656 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e480 ret=7f1c8278790a | |
| 0027:Ret KERNEL32.MultiByteToWideChar() retval=00000024 ret=7fdc36fca656 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlInitUnicodeString(0077f6e0,0077f6f0 L"{1497f815-889d-469e-b83f-8348fc672961}",) ret=7fdc36fca694 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e4b0 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlInitUnicodeString() retval=0000004c ret=7fdc36fca694 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlGUIDFromString(0077f6e0,0077fb50,) ret=7fdc36fca69f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e4e0 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlGUIDFromString() retval=00000000 ret=7fdc36fca69f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000040,) ret=7fdc36fcdd8f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e510 ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029c40 ret=7fdc36fcdd8f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000044,) ret=7fdc36fcc433 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e550 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037030 ret=7fdc36fcc433 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f680,00000000,00000000,00000000,0077f678,) ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e580 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037a10 ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e5b0 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00037a10,) ret=7fdc3748fdb7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e5e0 ret=7f1c82787ccc | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f680,00000000,00000000,00000000,0077f678,) ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e620 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037a10 ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e650 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00037a10,) ret=7fdc3748fdb7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e680 ret=7f1c8278790a | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f680,00000000,00000000,00000000,0077f678,) ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e6b0 ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037a10 ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e6f0 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00037a10,) ret=7fdc3748fdb7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e720 ret=7f1c8278790a | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f680,00000000,00000000,00000000,0077f678,) ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e750 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037a10 ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e780 ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00037a10,) ret=7fdc3748fdb7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000020,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e7c0 ret=7f1c8278790a | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f680,00000000,00000000,00000000,0077f678,) ret=7fdc36fcc4a6 | |
| 002b:trace:relay:load_list L"RelayExclude" = L"ntdll.RtlEnterCriticalSection;ntdll.RtlTryEnterCriticalSection;ntdll.RtlLeaveCriticalSection;kernel32.48;kernel32.49;kernel32.94;kernel32.95;kernel32.96;kernel32.97;kernel32.98;kernel32.TlsGetValue;kernel32.TlsSetValue;kernel32.FlsGetValue;kernel32.FlsSetValue;kernel32.SetLastError" | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e7f0 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002b:trace:relay:load_list L"RelayFromExclude" = L"winex11.drv;winemac.drv;user32;gdi32;advapi32;kernel32" | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037a10 ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e820 ret=7f1c8278790a | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7fdc36fcc35a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e850 ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00029c90 ret=7fdc36fcc35a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca0c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e890 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca0c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca29 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e8c0 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca29 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7fdc36fcc35a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e8f0 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037090 ret=7fdc36fcc35a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,000000da,) ret=7fdc36fcef89 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e920 ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037bc0 ret=7fdc36fcef89 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlInitUnicodeString(00037be8,00037c08 L"\\??\\Volume{1497f815-889d-469e-b83f-8348fc672961}",) ret=7fdc36fcefc7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e960 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlInitUnicodeString() retval=00000060 ret=7fdc36fcefc7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Call ntoskrnl.exe.IoCreateSymbolicLink(00037be8,00037b68,) ret=7fdc36fcf077 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e990 ret=7f1c8278790a | |
| 0027:Call ntdll.NtCreateSymbolicLinkObject(0077f3c8,000f0001,0077f3d0,00037b68,) ret=7fdc37490117 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e9c0 ret=7f1c8278790a | |
| 0027:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcf077 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcfb78 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005e9f0 ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfb78 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000004,) ret=7fdc36fcfba0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ea30 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000370c0 ret=7fdc36fcfba0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Call advapi32.RegSetValueExW(0000004c,00037c08 L"\\??\\Volume{1497f815-889d-469e-b83f-8348fc672961}",00000000,00000003,000370c0,00000004,) ret=7fdc36fcfbf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ea60 ret=7f1c8278790a | |
| 0027:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcfbf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ea90 ret=7f1c8278790a | |
| 0027:Call KERNEL32.MultiByteToWideChar(0000fdf2,00000000,7fdc2c01bbe4 "7722d0f3-ea57-4855-a433-2f72b11de0d8",00000024,0077f6f2,00000024,) ret=7fdc36fca656 | |
| 002b:Call KERNEL32.__wine_kernel_init() ret=7bc63340 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Ret KERNEL32.MultiByteToWideChar() retval=00000024 ret=7fdc36fca656 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005eac0 ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlInitUnicodeString(0077f6e0,0077f6f0 L"{7722d0f3-ea57-4855-a433-2f72b11de0d8}",) ret=7fdc36fca694 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001f,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlInitUnicodeString() retval=0000004c ret=7fdc36fca694 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005eb00 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlGUIDFromString(0077f6e0,0077fb50,) ret=7fdc36fca69f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlGUIDFromString() retval=00000000 ret=7fdc36fca69f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005eb30 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000023,) ret=7fdc36fccaac | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000370f0 ret=7fdc36fccaac | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005eb60 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000023,) ret=7fdc36fccaac | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037cb0 ret=7fdc36fccaac | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005eb90 ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00037cb0,) ret=7fdc36fccd01 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fccd01 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ebd0 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7fdc36fcde77 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037cb0 ret=7fdc36fcde77 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ec00 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000040,) ret=7fdc36fcdd8f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037cf0 ret=7fdc36fcdd8f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ec30 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7fdc36fcc433 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037d40 ret=7fdc36fcc433 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ec60 ret=7f1c82787ccc | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f600,00000000,00000000,00000000,0077f5f8,) ret=7fdc36fcc4a6 | |
| 000f:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7f9c25143f02 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 000f:Call ntdll.RtlFreeHeap(00010000,00000000,00023f80,) ret=7f9c25143f1f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005eca0 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037d90 ret=7fdc3748fc74 | |
| 000f:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c25143f1f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00037d90,) ret=7fdc3748fdb7 | |
| 000f:Call KERNEL32.CloseHandle(00000134,) ret=7f9c25143f4d | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ecd0 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 000f:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c25143f4d | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f600,00000000,00000000,00000000,0077f5f8,) ret=7fdc36fcc4a6 | |
| 000f:Call KERNEL32.ConnectNamedPipe(00000124,0023f7a0,) ret=7f9c251449c6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ed00 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037d90 ret=7fdc3748fc74 | |
| 000f:Ret KERNEL32.ConnectNamedPipe() retval=00000000 ret=7f9c251449c6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00037d90,) ret=7fdc3748fdb7 | |
| 000f:Call KERNEL32.WaitForMultipleObjects(00000002,0023f7c0,00000000,00002710,) ret=7f9c25144d42 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ed30 ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ed70 ret=7f1c8278790a | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f600,00000000,00000000,00000000,0077f5f8,) ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005eda0 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037d90 ret=7fdc3748fc74 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005edd0 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003a,) ret=7fdc36fcc5ed | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037f40 ret=7fdc36fcc5ed | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ee00 ret=7f1c82787ccc | |
| 0027:Call ntoskrnl.exe.IoCreateSymbolicLink(0077f610,0077f600,) ret=7fdc36fcc642 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 0027:Call ntdll.NtCreateSymbolicLinkObject(0077f428,000f0001,0077f430,0077f600,) ret=7fdc37490117 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ee40 ret=7f1c8278790a | |
| 002b:Call PE DLL (proc=0x7bcb99f0,module=0x7bc20000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 0027:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002b:Ret PE DLL (proc=0x7bcb99f0,module=0x7bc20000 L"ntdll.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 0027:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcc642 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ee70 ret=7f1c8278790a | |
| 002b:Call PE DLL (proc=0x7b4a66f0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7fdc36fcc35a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037f90 ret=7fdc36fcc35a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005eea0 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca0c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca0c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005eed0 ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca29 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 002b:Ret PE DLL (proc=0x7b4a66f0,module=0x7b420000 L"KERNEL32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca29 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ef10 ret=7f1c8278790a | |
| 002b:Call PE DLL (proc=0x7f27e29f7730,module=0x7f27e29a0000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7fdc36fcc35a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002b:Ret PE DLL (proc=0x7f27e29f7730,module=0x7f27e29a0000 L"advapi32.dll",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00037fd0 ret=7fdc36fcc35a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ef40 ret=7f1c8278790a | |
| 002b:Call PE DLL (proc=0x7f27e27681f0,module=0x7f27e2750000 L"ntoskrnl.exe",reason=PROCESS_ATTACH,res=0x23fb00) | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,000000ce,) ret=7fdc36fcef89 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002b:Call KERNEL32.DisableThreadLibraryCalls(7f27e2750000,) ret=7f27e2765ced | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00038000 ret=7fdc36fcef89 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ef70 ret=7f1c8278790a | |
| 002b:Ret KERNEL32.DisableThreadLibraryCalls() retval=00000001 ret=7f27e2765ced | |
| 0027:Call ntdll.RtlInitUnicodeString(00038028,00038048 L"\\??\\Volume{7722d0f3-ea57-4855-a433-2f72b11de0d8}",) ret=7fdc36fcefc7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002b:Call ntdll.RtlAddVectoredExceptionHandler(00000001,7f27e275be80,) ret=7f27e2765cfe | |
| 0027:Ret ntdll.RtlInitUnicodeString() retval=00000060 ret=7fdc36fcefc7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005efa0 ret=7f1c82787ccc | |
| 002b:Ret ntdll.RtlAddVectoredExceptionHandler() retval=000226c0 ret=7f27e2765cfe | |
| 0027:Call ntoskrnl.exe.IoCreateSymbolicLink(00038028,00037ee8,) ret=7fdc36fcf077 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 002b:Call ntdll.NtGetTickCount() ret=7f27e2761f45 | |
| 0027:Call ntdll.NtCreateSymbolicLinkObject(0077f388,000f0001,0077f390,00037ee8,) ret=7fdc37490117 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005efe0 ret=7f1c8278790a | |
| 002b:Ret ntdll.NtGetTickCount() retval=0043f14d ret=7f27e2761f45 | |
| 0027:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 002b:Ret PE DLL (proc=0x7f27e27681f0,module=0x7f27e2750000 L"ntoskrnl.exe",reason=PROCESS_ATTACH,res=0x23fb00) retval=1 | |
| 0027:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcf077 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f010 ret=7f1c8278790a | |
| 002b:Starting process L"C:\\windows\\system32\\winedevice.exe" (entryproc=0x7f27e2d31400) | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000008a,) ret=7fdc36fcef89 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 002b:Call advapi32.StartServiceCtrlDispatcherW(0023fcb0,) ret=7f27e2d313da | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000380e0 ret=7fdc36fcef89 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f040 ret=7f1c8278790a | |
| 0027:Call ntdll.RtlInitUnicodeString(00038108,00038128 L"\\DosDevices\\E:",) ret=7fdc36fcefc7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlInitUnicodeString() retval=0000001c ret=7fdc36fcefc7 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f070 ret=7f1c82787ccc | |
| 0027:Call ntoskrnl.exe.IoCreateSymbolicLink(00038108,00037ee8,) ret=7fdc36fcf077 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000019,) ret=7f1c8278790a | |
| 0027:Call ntdll.NtCreateSymbolicLinkObject(0077f438,000f0001,0077f440,00037ee8,) ret=7fdc37490117 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f0b0 ret=7f1c8278790a | |
| 0027:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcf077 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f0e0 ret=7f1c8278790a | |
| 002b:Call PE DLL (proc=0x7f27e250ac70,module=0x7f27e24b0000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=(nil)) | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcfb78 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002b:Ret PE DLL (proc=0x7f27e250ac70,module=0x7f27e24b0000 L"rpcrt4.dll",reason=PROCESS_ATTACH,res=(nil)) retval=1 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfb78 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f110 ret=7f1c8278790a | |
| 002b:Call rpcrt4.NdrClientInitializeNew(0023f1b0,0023f2f0,7f27e2c15c00,0000000f,) ret=7f27e29ee62f | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000004,) ret=7fdc36fcfba0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002b:Ret rpcrt4.NdrClientInitializeNew() retval=00000000 ret=7f27e29ee62f | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00038180 ret=7fdc36fcfba0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f140 ret=7f1c82787ccc | |
| 002b:Call rpcrt4.RpcStringBindingComposeW(00000000,0023f060 L"ncacn_np",00000000,0023f080 L"\\pipe\\svcctl",00000000,0023f050,) ret=7f27e29e0ccd | |
| 0027:Call advapi32.RegSetValueExW(0000004c,00038048 L"\\??\\Volume{7722d0f3-ea57-4855-a433-2f72b11de0d8}",00000000,00000003,00038180,00000004,) ret=7fdc36fcfbf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000058,) ret=7f27e24ec6d4 | |
| 0027:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcfbf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f180 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=000227c0 ret=7f27e24ec6d4 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcfb78 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 002b:Ret rpcrt4.RpcStringBindingComposeW() retval=00000000 ret=7f27e29e0ccd | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfb78 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f1b0 ret=7f1c8278790a | |
| 002b:Call rpcrt4.RpcBindingFromStringBindingW(000227c0 L"ncacn_np:[\\\\pipe\\\\svcctl]",0023f058,) ret=7f27e29e0d43 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000004,) ret=7fdc36fcfba0 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f27e24eb332 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000381b0 ret=7fdc36fcfba0 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f1e0 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00022830 ret=7f27e24eb332 | |
| 0027:Call advapi32.RegSetValueExW(0000004c,00038128 L"\\DosDevices\\E:",00000000,00000003,000381b0,00000004,) ret=7fdc36fcfbf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000002,) ret=7f27e24eb332 | |
| 0027:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcfbf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f210 ret=7f1c82787ccc | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00022860 ret=7f27e24eb332 | |
| 0027:Call advapi32.RegCreateKeyW(ffffffff80000002,7fdc36fd1520 L"Software\\Wine\\Drives",0077f720,) ret=7fdc36fce4e5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001e,) ret=7f27e24eb332 | |
| 0027:Ret advapi32.RegCreateKeyW() retval=00000000 ret=7fdc36fce4e5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f250 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00022890 ret=7f27e24eb332 | |
| 0027:Call advapi32.RegDeleteValueW(00000104,0077f732 L"e:",) ret=7fdc36fce608 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7f27e24eb268 | |
| 0027:Ret advapi32.RegDeleteValueW() retval=00000002 ret=7fdc36fce608 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f280 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00024b60 ret=7f27e24eb268 | |
| 0027:Call advapi32.RegCloseKey(00000104,) ret=7fdc36fce57a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 002b:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00022830 L"ncacn_np",ffffffff,00000000,00000000,00000000,00000000,) ret=7f27e24eb4ea | |
| 0027:Ret advapi32.RegCloseKey() retval=00000000 ret=7fdc36fce57a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f2b0 ret=7f1c8278790a | |
| 002b:Ret KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f27e24eb4ea | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,000370f0,) ret=7fdc36fce3b2 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f27e24eb508 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fce3b2 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f2e0 ret=7f1c82787ccc | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00024bf0 ret=7f27e24eb508 | |
| 0027:Call user32.BroadcastSystemMessageW(00000021,00000000,00000219,00008000,0077f6b0,) ret=7fdc36fcce51 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 002b:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00022830 L"ncacn_np",ffffffff,00024bf0,00000009,00000000,00000000,) ret=7f27e24eb52c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f320 ret=7f1c8278790a | |
| 002b:Ret KERNEL32.WideCharToMultiByte() retval=00000009 ret=7f27e24eb52c | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f27e24ef629 | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f350 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e24ef629 | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 002b:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00022860 L"",ffffffff,00000000,00000000,00000000,00000000,) ret=7f27e24eb4ea | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f380 ret=7f1c8278790a | |
| 002b:Ret KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f27e24eb4ea | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7f27e24eb508 | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f3b0 ret=7f1c82787ccc | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00024c20 ret=7f27e24eb508 | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 002b:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00022860 L"",ffffffff,00024c20,00000001,00000000,00000000,) ret=7f27e24eb52c | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f3f0 ret=7f1c8278790a | |
| 002b:Ret KERNEL32.WideCharToMultiByte() retval=00000001 ret=7f27e24eb52c | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f27e24ef659 | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f420 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e24ef659 | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 002b:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00022890 L"\\pipe\\svcctl",ffffffff,00000000,00000000,00000000,00000000,) ret=7f27e24eb4ea | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f450 ret=7f1c8278790a | |
| 002b:Ret KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f27e24eb4ea | |
| 0011:Call window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f27e24eb508 | |
| 0011:Ret window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f480 ret=7f1c82787ccc | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00024c50 ret=7f27e24eb508 | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f1c8278790a | |
| 002b:Call KERNEL32.WideCharToMultiByte(00000000,00000000,00022890 L"\\pipe\\svcctl",ffffffff,00024c50,0000000d,00000000,00000000,) ret=7f27e24eb52c | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f4c0 ret=7f1c8278790a | |
| 002b:Ret KERNEL32.WideCharToMultiByte() retval=0000000d ret=7f27e24eb52c | |
| 0011:Call window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f27e24ef689 | |
| 0011:Call user32.DefWindowProcW(00010030,00000219,00008000,0004de50,) ret=7fc24c4e3694 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4e3694 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f4f0 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e24ef689 | |
| 0011:Ret window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000098,) ret=7f27e24e9827 | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f520 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00024c80 ret=7f27e24e9827 | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002b:Call KERNEL32.InitializeCriticalSection(00024cd0,) ret=7f27e24e9874 | |
| 0011:Call window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f550 ret=7f1c82787ccc | |
| 002b:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f27e24e9874 | |
| 0011:Ret window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000012,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f27e24eb498 | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f590 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00024d70 ret=7f27e24eb498 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 0027:Ret user32.BroadcastSystemMessageW() retval=00000001 ret=7fdc36fcce51 | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7f27e24eb498 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f5c0 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00024da0 ret=7f27e24eb498 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000023,) ret=7fdc36fccaac | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f27e24eb498 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000370f0 ret=7fdc36fccaac | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f5f0 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00024dd0 ret=7f27e24eb498 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000023,) ret=7fdc36fccaac | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002b:Call advapi32.SystemFunction036(00024cbc,00000010,) ret=7f27e2506adb | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000381e0 ret=7fdc36fccaac | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f620 ret=7f1c82787ccc | |
| 002b:Ret advapi32.SystemFunction036() retval=00000001 ret=7f27e2506adb | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,000381e0,) ret=7fdc36fccd01 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000017,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f27e2506336 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fccd01 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f660 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e2506336 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7fdc36fcde77 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00022890,) ret=7f27e2506336 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000381e0 ret=7fdc36fcde77 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f690 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e2506336 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000040,) ret=7fdc36fcdd8f | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00038220 ret=7fdc36fcdd8f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00022860,) ret=7f27e2506336 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,00000038,) ret=7fdc36fcc433 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00038270 ret=7fdc36fcc433 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f6c0 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e2506336 | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f600,00000000,00000000,00000000,0077f5f8,) ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00022830,) ret=7f27e2506336 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000382c0 ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f6f0 ret=7f1c82787ccc | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e2506336 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,000382c0,) ret=7fdc3748fdb7 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001f,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f27e2506336 | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f730 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e2506336 | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f600,00000000,00000000,00000000,0077f5f8,) ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002b:Ret rpcrt4.RpcBindingFromStringBindingW() retval=00000000 ret=7f27e29e0d43 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000382c0 ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f760 ret=7f1c8278790a | |
| 002b:Call rpcrt4.RpcStringFreeW(0023f050,) ret=7f27e29e0d4d | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,000382c0,) ret=7fdc3748fdb7 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,000227c0,) ret=7f27e2506336 | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f790 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e2506336 | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f600,00000000,00000000,00000000,0077f5f8,) ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002b:Ret rpcrt4.RpcStringFreeW() retval=00000000 ret=7f27e29e0d4d | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000382c0 ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f7c0 ret=7f1c82787ccc | |
| 002b:Call rpcrt4.NdrPointerBufferSize(0023f2f0,00000000,7f27e2a00f6c,) ret=7f27e29ee65c | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,000382c0,) ret=7fdc3748fdb7 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc3748fdb7 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7f1c8278790a | |
| 002b:Ret rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f27e29ee65c | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=c0000035 ret=7fdc36fcc4a6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f800 ret=7f1c8278790a | |
| 002b:Call rpcrt4.NdrPointerBufferSize(0023f2f0,00000000,7f27e2a01450,) ret=7f27e29ee66e | |
| 0027:Call ntoskrnl.exe.IoCreateDevice(00027280,00000050,0077f600,00000000,00000000,00000000,0077f5f8,) ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002b:Ret rpcrt4.NdrPointerBufferSize() retval=00000000 ret=7f27e29ee66e | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000198,) ret=7fdc3748fc74 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000382c0 ret=7fdc3748fc74 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f830 ret=7f1c8278790a | |
| 002b:Call rpcrt4.NdrGetBuffer(0023f2f0,00000010,00024b60,) ret=7f27e29ee685 | |
| 0027:Ret ntoskrnl.exe.IoCreateDevice() retval=00000000 ret=7fdc36fcc4a6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f27e2507de6 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000003a,) ret=7fdc36fcc5ed | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00038470 ret=7fdc36fcc5ed | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f860 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=000227c0 ret=7f27e2507de6 | |
| 0027:Call ntoskrnl.exe.IoCreateSymbolicLink(0077f610,0077f600,) ret=7fdc36fcc642 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000008,00000118,) ret=7f27e24fd921 | |
| 0027:Call ntdll.NtCreateSymbolicLinkObject(0077f428,000f0001,0077f430,0077f600,) ret=7fdc37490117 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f890 ret=7f1c82787ccc | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00024e00 ret=7f27e24fd921 | |
| 0027:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 0027:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcc642 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000001,) ret=7f27e24eb498 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7fdc36fcc35a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000384c0 ret=7fdc36fcc35a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f8d0 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=000227f0 ret=7f27e24eb498 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca0c | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca0c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f27e24eb498 | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcca29 | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcca29 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f900 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00022820 ret=7f27e24eb498 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000a,) ret=7fdc36fcc35a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f27e2507de6 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00038500 ret=7fdc36fcc35a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f930 ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00022850 ret=7f27e2507de6 | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,000000ce,) ret=7fdc36fcef89 | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00038530 ret=7fdc36fcef89 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002b:Call KERNEL32.CreateFileA(00022850 "\\\\.\\pipe\\svcctl",c0000000,00000000,00000000,00000003,40000000,00000000,) ret=7f27e24fe8cd | |
| 0027:Call ntdll.RtlInitUnicodeString(00038558,00038578 L"\\??\\Volume{00000000-0000-0000-0000-000000000046}",) ret=7fdc36fcefc7 | |
| 002b:Ret KERNEL32.CreateFileA() retval=00000004 ret=7f27e24fe8cd | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f960 ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlInitUnicodeString() retval=00000060 ret=7fdc36fcefc7 | |
| 0013:Ret KERNEL32.WaitForMultipleObjectsEx() retval=00000001 ret=7f9c24df2763 | |
| 002b:Call KERNEL32.SetNamedPipeHandleState(00000004,0023ec74,00000000,00000000,) ret=7f27e24fea4f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 0027:Call ntoskrnl.exe.IoCreateSymbolicLink(00038558,00038418,) ret=7fdc36fcf077 | |
| 0013:Call ntdll.RtlAllocateHeap(00010000,00000008,00000118,) ret=7f9c24deb921 | |
| 002b:Ret KERNEL32.SetNamedPipeHandleState() retval=00000001 ret=7f27e24fea4f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f9a0 ret=7f1c8278790a | |
| 0027:Call ntdll.NtCreateSymbolicLinkObject(0077f388,000f0001,0077f390,00038418,) ret=7fdc37490117 | |
| 0013:Ret ntdll.RtlAllocateHeap() retval=000244f0 ret=7f9c24deb921 | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00022850,) ret=7f27e2507e13 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 0013:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f9c24dd9498 | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e2507e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005f9d0 ret=7f1c8278790a | |
| 0027:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcf077 | |
| 0013:Ret ntdll.RtlAllocateHeap() retval=00024620 ret=7f9c24dd9498 | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7f27e24f3f0c | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00022850 ret=7f27e24f3f0c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000000,0000008a,) ret=7fdc36fcef89 | |
| 0013:Call KERNEL32.CreateNamedPipeA(00021f10 "\\\\.\\pipe\\svcctl",40000003,00000006,000000ff,000016d0,000016d0,00001388,00000000,) ret=7f9c24decedf | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000008,00000058,) ret=7f27e2506082 | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00024f30 ret=7f27e2506082 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fa00 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=00038610 ret=7fdc36fcef89 | |
| 0013:Ret KERNEL32.CreateNamedPipeA() retval=00000128 ret=7f9c24decedf | |
| 002b:Call KERNEL32.InitializeCriticalSection(00024f40,) ret=7f27e250609b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlInitUnicodeString(00038638,00038658 L"\\DosDevices\\F:",) ret=7fdc36fcefc7 | |
| 0013:Call ntdll.RtlAllocateHeap(00010000,00000000,00000010,) ret=7f9c24def4ac | |
| 002b:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f27e250609b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fa30 ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlInitUnicodeString() retval=0000001c ret=7fdc36fcefc7 | |
| 0013:Ret ntdll.RtlAllocateHeap() retval=00024650 ret=7f9c24def4ac | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000008,00000048,) ret=7f27e24f4cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000e,) ret=7f1c8278790a | |
| 0027:Call ntoskrnl.exe.IoCreateSymbolicLink(00038638,00038418,) ret=7fdc36fcf077 | |
| 0013:Call KERNEL32.GetComputerNameA(00024650,0033fc44,) ret=7f9c24def4c5 | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00024fe0 ret=7f27e24f4cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fa70 ret=7f1c8278790a | |
| 0027:Call ntdll.NtCreateSymbolicLinkObject(0077f438,000f0001,0077f440,00038418,) ret=7fdc37490117 | |
| 002b:Call ntdll.NtWriteFile(00000004,00000010,00000000,00000000,0023ebc0,00024fe0,00000048,00000000,00000000,) ret=7f27e24fec6c | |
| 0013:Ret KERNEL32.GetComputerNameA() retval=00000001 ret=7f9c24def4c5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Ret ntdll.NtCreateSymbolicLinkObject() retval=00000000 ret=7fdc37490117 | |
| 0013:Call KERNEL32.CreateThread(00000000,00000000,7f9c24de7280,000244f0,00000000,00000000,) ret=7f9c24de79e4 | |
| 002b:Ret ntdll.NtWriteFile() retval=00000000 ret=7f27e24fec6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005faa0 ret=7f1c8278790a | |
| 0027:Ret ntoskrnl.exe.IoCreateSymbolicLink() retval=00000000 ret=7fdc36fcf077 | |
| 0013:Ret KERNEL32.CreateThread() retval=0000012c ret=7f9c24de79e4 | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00024fe0,) ret=7f27e24f4d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcfb78 | |
| 002c:Call PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) | |
| 0013:Call KERNEL32.CloseHandle(0000012c,) ret=7f9c24de79fc | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e24f4d43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fad0 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfb78 | |
| 002c:Ret PE DLL (proc=0x7f9c24df8c70,module=0x7f9c24da0000 L"rpcrt4.dll",reason=THREAD_ATTACH,res=(nil)) retval=1 | |
| 0013:Ret KERNEL32.CloseHandle() retval=00000001 ret=7f9c24de79fc | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00022850,) ret=7f27e24f43ab | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e24f43ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000004,) ret=7fdc36fcfba0 | |
| 002c:Starting thread proc 0x7f9c24de7280 (arg=0x244f0) | |
| 0013:Call ntdll.NtFsControlFile(00000128,00000084,00000000,00000000,00021ea8,00110008,00000000,00000000,00000000,00000000,) ret=7f9c24ded05a | |
| 002b:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,0023ebe0,00000010,00000000,00000000,) ret=7f27e24fedec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fb00 ret=7f1c82787ccc | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000386b0 ret=7fdc36fcfba0 | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 0013:Ret ntdll.NtFsControlFile() retval=00000103 ret=7f9c24ded05a | |
| 002b:Ret ntdll.NtReadFile() retval=00000103 ret=7f27e24fedec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 0027:Call advapi32.RegSetValueExW(0000004c,00038578 L"\\??\\Volume{00000000-0000-0000-0000-000000000046}",00000000,00000003,000386b0,00000004,) ret=7fdc36fcfbf1 | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=00023f80 ret=7f9c24de73b1 | |
| 0013:Call ntdll.RtlReAllocateHeap(00010000,00000000,00021c70,00000010,) ret=7f9c24ded0fc | |
| 002b:Call KERNEL32.WaitForSingleObject(00000010,ffffffff,) ret=7f27e24fee5b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fb40 ret=7f1c8278790a | |
| 0027:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcfbf1 | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000058,) ret=7f9c24df4082 | |
| 0013:Ret ntdll.RtlReAllocateHeap() retval=00021c70 ret=7f9c24ded0fc | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7fdc36fcfb78 | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=00024c10 ret=7f9c24df4082 | |
| 0013:Call KERNEL32.WaitForMultipleObjectsEx(00000002,00021c70,00000000,ffffffff,00000001,) ret=7f9c24df2763 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fb70 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fcfb78 | |
| 002c:Call KERNEL32.InitializeCriticalSection(00024c20,) ret=7f9c24df409b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 0027:Call ntdll.RtlAllocateHeap(00010000,00000008,00000004,) ret=7fdc36fcfba0 | |
| 002c:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f9c24df409b | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fba0 ret=7f1c8278790a | |
| 0027:Ret ntdll.RtlAllocateHeap() retval=000386e0 ret=7fdc36fcfba0 | |
| 002c:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,000245e8,009afba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 0027:Call advapi32.RegSetValueExW(0000004c,00038658 L"\\DosDevices\\F:",00000000,00000003,000386e0,00000004,) ret=7fdc36fcfbf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fbd0 ret=7f1c82787ccc | |
| 002c:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 0027:Ret advapi32.RegSetValueExW() retval=00000000 ret=7fdc36fcfbf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000b,) ret=7f1c8278790a | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f9c24de3f74 | |
| 0027:Call advapi32.RegCreateKeyW(ffffffff80000002,7fdc36fd1520 L"Software\\Wine\\Drives",0077f720,) ret=7fdc36fce4e5 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fc10 ret=7f1c8278790a | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=00024db0 ret=7f9c24de3f74 | |
| 0027:Ret advapi32.RegCreateKeyW() retval=00000000 ret=7fdc36fce4e5 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 002c:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,000245e8,00024dc0,0000000c,00000000,00000000,) ret=7f9c24decdec | |
| 0027:Call advapi32.RegDeleteValueW(00000114,0077f732 L"f:",) ret=7fdc36fce608 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fc40 ret=7f1c8278790a | |
| 002c:Ret ntdll.NtReadFile() retval=80000005 ret=7f9c24decdec | |
| 0027:Ret advapi32.RegDeleteValueW() retval=00000002 ret=7fdc36fce608 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000005,) ret=7f1c8278790a | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f9c24de4006 | |
| 0027:Call advapi32.RegCloseKey(00000114,) ret=7fdc36fce57a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fc70 ret=7f1c8278790a | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=00024de0 ret=7f9c24de4006 | |
| 0027:Ret advapi32.RegCloseKey() retval=00000000 ret=7fdc36fce57a | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002c:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,000245e8,00024de0,0000002c,00000000,00000000,) ret=7f9c24decdec | |
| 0027:Call ntdll.RtlFreeHeap(00010000,00000000,000370f0,) ret=7fdc36fce3b2 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fca0 ret=7f1c82787ccc | |
| 002c:Ret ntdll.NtReadFile() retval=00000000 ret=7f9c24decdec | |
| 0027:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7fdc36fce3b2 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000022,) ret=7f1c8278790a | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f9c24df5de6 | |
| 0027:Call user32.BroadcastSystemMessageW(00000021,00000000,00000219,00008000,0077f6b0,) ret=7fdc36fcce51 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fce0 ret=7f1c8278790a | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=00024e20 ret=7f9c24df5de6 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002c:Call ntdll.RtlFreeHeap(00010000,00000000,00024de0,) ret=7f9c24de41a4 | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fd20 ret=7f1c8278790a | |
| 002c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de41a4 | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de6d24 | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10042,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fd50 ret=7f1c8278790a | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=00024de0 ret=7f9c24de6d24 | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000080,) ret=7f9c24dd9268 | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fd80 ret=7f1c82787ccc | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=00024e60 ret=7f9c24dd9268 | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000014,) ret=7f1c8278790a | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f9c24dd9498 | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10040,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fdc0 ret=7f1c8278790a | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=00024ef0 ret=7f9c24dd9498 | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f9c24dd9498 | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fdf0 ret=7f1c8278790a | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=00024f20 ret=7f9c24dd9498 | |
| 0011:Call window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 0011:Ret window proc 0x7fc24baa7fb0 (hwnd=0x10038,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f9c24dd9498 | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fe20 ret=7f1c8278790a | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=00024f50 ret=7f9c24dd9498 | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000098,) ret=7f9c24dd7827 | |
| 0011:Call window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 0011:Ret window proc 0x7fc24baa5280 (hwnd=0x10036,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fe50 ret=7f1c82787ccc | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=00024f80 ret=7f9c24dd7827 | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000016,) ret=7f1c8278790a | |
| 002c:Call KERNEL32.InitializeCriticalSection(00024fd0,) ret=7f9c24dd7874 | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fe90 ret=7f1c8278790a | |
| 002c:Ret KERNEL32.InitializeCriticalSection() retval=00000001 ret=7f9c24dd7874 | |
| 0011:Call window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000009,) ret=7f9c24dd9498 | |
| 0011:Call user32.DefWindowProcW(00010030,00000219,00008000,0004de50,) ret=7fc24c4e3694 | |
| 0011:Ret user32.DefWindowProcW() retval=00000000 ret=7fc24c4e3694 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fec0 ret=7f1c8278790a | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=000250c0 ret=7f9c24dd9498 | |
| 0011:Ret window proc 0x7fc24c4e35d0 (hwnd=0x10030,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000004,) ret=7f1c8278790a | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f9c24dd9498 | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fef0 ret=7f1c8278790a | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=000250f0 ret=7f9c24dd9498 | |
| 0011:Ret winex11.drv.MsgWaitForMultipleObjectsEx() retval=00000000 ret=7fc24bb2ab2f | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000d,) ret=7f9c24dd9498 | |
| 0011:Call window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ff20 ret=7f1c82787ccc | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=00025120 ret=7f9c24dd9498 | |
| 0011:Ret window proc 0x7fc24baf3f00 (hwnd=0x10032,msg=WM_DEVICECHANGE,wp=00008000,lp=0004de50) retval=00000000 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000c,) ret=7f1c8278790a | |
| 002c:Call advapi32.SystemFunction036(00024fbc,00000010,) ret=7f9c24df4adb | |
| 0011:Call winex11.drv.MsgWaitForMultipleObjectsEx(00000001,0023ed90,ffffffff,000004ff,00000000,) ret=7fc24bb2ab2f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ff60 ret=7f1c8278790a | |
| 002c:Ret advapi32.SystemFunction036() retval=00000001 ret=7f9c24df4adb | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 0027:Ret user32.BroadcastSystemMessageW() retval=00000001 ret=7fdc36fcce51 | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000044,) ret=7f9c24de2061 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ff90 ret=7f1c8278790a | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=00025150 ret=7f9c24de2061 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 002c:Call ntdll.RtlFreeHeap(00010000,00000000,00024de0,) ret=7f9c24de6f0a | |
| 002c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de6f0a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005ffc0 ret=7f1c8278790a | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000044,) ret=7f9c24de2cf1 | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=000251b0 ret=7f9c24de2cf1 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002c:Call ntdll.NtWriteFile(000000f0,0000012c,00000000,00000000,009afb60,000251b0,00000044,00000000,00000000,) ret=7f9c24decc6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=0005fff0 ret=7f1c82787ccc | |
| 002c:Ret ntdll.NtWriteFile() retval=00000000 ret=7f9c24decc6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000000f,) ret=7f1c8278790a | |
| 002b:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f27e24fee5b | |
| 002c:Call ntdll.RtlFreeHeap(00010000,00000000,000251b0,) ret=7f9c24de2d43 | |
| 002c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de2d43 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00060030 ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f27e24f5f74 | |
| 002c:Call ntdll.RtlFreeHeap(00010000,00000000,00025150,) ret=7f9c24de23ab | |
| 002c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00022890 ret=7f27e24f5f74 | |
| 002c:Call ntdll.RtlFreeHeap(00010000,00000000,00024e20,) ret=7f9c24df5e13 | |
| 002c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24df5e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00060060 ret=7f1c8278790a | |
| 002b:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,000228a0,00000008,00000000,00000000,) ret=7f27e24fedec | |
| 002c:Call ntdll.RtlFreeHeap(00010000,00000000,00024db0,) ret=7f9c24de23ab | |
| 002c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de23ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000008,) ret=7f1c8278790a | |
| 002b:Ret ntdll.NtReadFile() retval=80000005 ret=7f27e24fedec | |
| 002c:Call ntdll.RtlFreeHeap(00010000,00000000,00023f80,) ret=7f9c24de7372 | |
| 002c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de7372 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00060090 ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f27e24f6006 | |
| 002c:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f9c24de738b | |
| 002c:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f9c24de738b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00022850 ret=7f27e24f6006 | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000008,00000050,) ret=7f9c24de73b1 | |
| 002c:Ret ntdll.RtlAllocateHeap() retval=00023f80 ret=7f9c24de73b1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000600c0 ret=7f1c82787ccc | |
| 002b:Call ntdll.NtReadFile(00000004,00000010,00000000,00000000,00024ef8,00022850,0000002c,00000000,00000000,) ret=7f27e24fedec | |
| 002c:Call ntdll.NtReadFile(000000f0,0000012c,00000000,00000000,000245e8,009afba0,00000010,00000000,00000000,) ret=7f9c24decdec | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000015,) ret=7f1c8278790a | |
| 002b:Ret ntdll.NtReadFile() retval=00000000 ret=7f27e24fedec | |
| 002c:Ret ntdll.NtReadFile() retval=00000103 ret=7f9c24decdec | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00060100 ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000000,0000002c,) ret=7f27e2507de6 | |
| 002c:Call KERNEL32.WaitForSingleObject(0000012c,ffffffff,) ret=7f9c24dece5b | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00024fe0 ret=7f27e2507de6 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00060130 ret=7f1c8278790a | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00022850,) ret=7f27e24f61a4 | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e24f61a4 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000007,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00024fe0,) ret=7f27e2507e13 | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e2507e13 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00060160 ret=7f1c8278790a | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00022890,) ret=7f27e24f43ab | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e24f43ab | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00000000,) ret=7f27e24ea44a | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e24ea44a | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00060190 ret=7f1c82787ccc | |
| 002b:Ret rpcrt4.NdrGetBuffer() retval=000227c0 ret=7f27e29ee685 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001d,) ret=7f1c8278790a | |
| 002b:Call rpcrt4.NdrPointerMarshall(0023f2f0,00000000,7f27e2a00f6c,) ret=7f27e29ee697 | |
| 002b:Ret rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f27e29ee697 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=000601d0 ret=7f1c8278790a | |
| 002b:Call rpcrt4.NdrPointerMarshall(0023f2f0,00000000,7f27e2a01450,) ret=7f27e29ee6a9 | |
| 002b:Ret rpcrt4.NdrPointerMarshall() retval=00000000 ret=7f27e29ee6a9 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002b:Call rpcrt4.NdrSendReceive(0023f2f0,000227cc,) ret=7f27e29ee70f | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00060200 ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000008,00000018,) ret=7f27e24f6efe | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00022850 ret=7f27e24f6efe | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000006,) ret=7f1c8278790a | |
| 002b:Call ntdll.RtlAllocateHeap(00010000,00000008,00000024,) ret=7f27e24f4cf1 | |
| 002b:Ret ntdll.RtlAllocateHeap() retval=00022880 ret=7f27e24f4cf1 | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00060230 ret=7f1c8278790a | |
| 002b:Call ntdll.NtWriteFile(00000004,00000010,00000000,00000000,0023ecd0,00022880,00000024,00000000,00000000,) ret=7f27e24fec6c | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,00000028,) ret=7f1c82787ccc | |
| 002b:Ret ntdll.NtWriteFile() retval=00000000 ret=7f27e24fec6c | |
| 000d:Ret ntdll.RtlAllocateHeap() retval=00060260 ret=7f1c82787ccc | |
| 002c:Ret KERNEL32.WaitForSingleObject() retval=00000000 ret=7f9c24dece5b | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00022880,) ret=7f27e24f4d43 | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 ret=7f27e24f4d43 | |
| 000d:Call ntdll.RtlAllocateHeap(00010000,00000000,0000001c,) ret=7f1c8278790a | |
| 002c:Call ntdll.RtlAllocateHeap(00010000,00000000,00000018,) ret=7f9c24de3f74 | |
| 002b:Call ntdll.RtlFreeHeap(00010000,00000000,00022850,) ret=7f27e24f6fa1 | |
| 002b:Ret ntdll.RtlFreeHeap() retval=00000001 r |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment