I hereby claim:
- I am dgrif on github.
- I am dgrif (https://keybase.io/dgrif) on keybase.
- I have a public key whose fingerprint is 5E78 601C 43DE A1C8 2863 72A5 39AA CFCF B07A 09C2
To claim this, I am signing this object:
system-call: NtOpenProcessToken, arguments: -1 0xffffffff 8 0x00000008 850248 0x000cf948 0 0x00000000, return-value: 0 0x00000000
system-call: NtQueryInformationToken, arguments: 76 0x0000004c 1 0x00000001 850312 0x000cf988 136 0x00000088, return-value: 0 0x00000000
system-call: NtOpenKey, arguments: 850228 0x000cf934 3 0x00000003 2009948416 0x77cd6100 2009949964 0x77cd670c, return-value: -1073741772 0xc0000034
system-call: NtOpenKey, arguments: 850244 0x000cf944 131097 0x00020019 2010727000 0x77d94258 2009949964 0x77cd670c, return-value: -1073741772 0xc0000034
system-call: NtOpenKey, arguments: 850256 0x000cf950 1 0x00000001 2009948448 0x77cd6120 2009949964 0x77cd670c, return-value: 0 0x00000000
system-call: NtQueryValueKey, arguments: 80 0x00000050 2009948440 0x77cd6118 2 0x00000002 850656 0x000cfae0, return-value: -1073741772 0xc0000034
system-call: NtClose, arguments: 80 0x00000050 2009949964 0x77cd670c 0 0x00000000 2130567168 0x7efde000, return-value: 0 0x00000000
system-call:
# Maps Windows 7 SP1 x64 ntdll system-call numbers to their names.
win7_sp1_x64_ntdll_syscalls = {
    0x0: 'NtMapUserPhysicalPagesScatter',
    0x1: 'NtWaitForSingleObject',
    0x2: 'NtCallbackReturn',
    0x3: 'NtReadFile',
    0x4: 'NtDeviceIoControlFile',
    0x5: 'NtWriteFile',
    0x6: 'NtRemoveIoCompletion',
    0x7: 'NtReleaseSemaphore',
    0x8: 'NtReplyWaitReceivePort',
    # the listing is cut off here on the page; later entries are not shown
}