KDVMWare Packet Log - VMXPPRO
This is a sample KDCOM packet-level log produced by KDVMWare v1.2. Such logs can be used to study internal KDCOM protocol structure and perform detailed diagnostics of your debug sessions. This sample log demonstrates, what communication is performed between WinDbg and Windows XP machine, when user executes "Step Into" command in WinDbg.Legend: Debugger-to-kernel
packets are in red;
Kernel-to-debugger packets are in green
| # | Time | Type | Data |
| 1 | +0:00:00.0000 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdContinueApi2 3C 31 00 00 00 00 00 00 01 00 01 00 6C FE B2 00 <1..........l... 01 00 01 00 01 00 00 00 00 05 00 00 01 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 ........ |
| 1 | +0:00:00.0000 | 7 KD_STATE_CHANGE64 |
Buf1: Size = 240 (0xF0); Api# = DbgKdExceptionStateChange 30 30 00 00 06 00 00 00 01 00 00 00 FF FF FF FF 00.............. 20 19 55 80 FF FF FF FF 6D 02 54 80 FF FF FF FF .U.....m.T..... 04 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 ................ 6D 02 54 80 FF FF FF FF 00 00 00 00 00 00 00 00 m.T............. 2C A4 EF BA FF FF FF FF ED 34 65 80 FF FF FF FF ,........4e..... 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ 84 8D 54 01 00 00 00 00 84 8D 54 80 FF FF FF FF ..T.......T..... 38 BC 64 72 00 00 00 00 2E 00 00 00 00 00 00 00 8.dr............ 19 0C 67 E2 FF FF FF FF 8F 6F 35 D5 FF FF FF FF ..g......o5..... 00 00 03 00 00 00 00 00 00 00 01 00 00 00 00 00 ................ FF FF FF FF FF FF FF FF 61 D9 53 80 FF FF FF FF ........a.S..... C0 8D 54 80 FF FF FF FF 01 00 00 00 00 00 00 00 ..T............. F0 4F FF FF 00 05 00 00 10 00 03 00 EB B4 90 FB .O.............. 8D 49 00 A1 1C F0 DF FF 53 FF 80 C4 08 00 23 00 .I......S.....#. 23 00 30 00 02 02 00 00 00 00 00 00 00 00 00 00 #.0............. Buf2: Size = 4 (0x4); Api# = DbgKdExceptionStateChange 01 00 00 00 .... |
| 2 | +0:00:00.0000 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 09 C8 2E 02 18 A5 7A 00 00 00 00 00 01........z..... 40 02 54 80 FF FF FF FF 2D 00 00 00 69 69 69 69 @.T.....-...iiii 04 00 00 00 00 00 80 80 00 00 00 00 08 00 00 00 ................ D4 DD 2E 02 00 00 00 00 ........ |
| 2 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 09 C8 2E 02 00 00 00 00 00 00 00 00 01.............. 40 02 54 80 FF FF FF FF 2D 00 00 00 2D 00 00 00 @.T.....-...-... 04 00 00 00 00 00 80 80 00 00 00 00 08 00 00 00 ................ D4 DD 2E 02 00 00 00 00 ........ Buf2: Size = 45 (0x2D); Api# = DbgKdReadVirtualMemoryApi FF 15 88 76 4D 80 E9 2D CE FF FF FF 05 C4 F5 DF ...vM..-........ FF FA FF 15 88 76 4D 80 E9 1B CE FF FF E8 28 63 .....vM.......(c FB FF 0A C0 74 BD 6A 01 E8 37 6B FE FF ....t.j..7k.. |
| 3 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 00 00 00 08 00 00 00 D4 DD 2E 02 01.............. 7D 02 54 80 FF FF FF FF 03 00 00 00 0A 00 00 00 }.T............. 50 7D 33 02 00 50 84 42 43 85 10 02 40 02 54 80 P}3..P.BC...@.T. D8 F4 37 01 00 00 00 00 ..7..... |
| 3 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 00 00 00 00 00 00 00 D4 DD 2E 02 01.............. 7D 02 54 80 FF FF FF FF 03 00 00 00 03 00 00 00 }.T............. 50 7D 33 02 00 50 84 42 43 85 10 02 40 02 54 80 P}3..P.BC...@.T. D8 F4 37 01 00 00 00 00 ..7..... Buf2: Size = 3 (0x3); Api# = DbgKdReadVirtualMemoryApi 05 00 00 ... |
| 4 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdGetContextApi 32 31 00 00 DB 01 00 00 03 01 00 00 00 00 09 00 21.............. 00 00 14 00 90 9A 80 7C DF 5D 01 00 0A 00 00 00 .......|.]...... A0 D4 B2 00 A0 85 00 00 94 D5 B2 00 20 E9 90 7C ............ ..| 60 00 91 7C FF FF FF FF `..|.... |
| 4 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdGetContextApi 32 31 00 00 DB 01 00 00 00 00 00 00 00 00 09 00 21.............. 00 00 14 00 90 9A 80 7C DF 5D 01 00 0A 00 00 00 .......|.]...... A0 D4 B2 00 A0 85 00 00 94 D5 B2 00 20 E9 90 7C ............ ..| 60 00 91 7C FF FF FF FF `..|.... Buf2: Size = 716 (0x2CC); Api# = DbgKdGetContextApi 3F 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ?............... 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ 68 8A 54 80 D9 9A 4F 80 E1 9A 4F 80 F0 82 F8 81 h.T...O...O..... F3 AB 4F 80 F0 82 F8 81 08 EC FB 81 00 00 00 00 ..O............. 74 8A 54 80 16 AC 4F 80 00 00 00 00 01 00 00 00 t.T...O......... D4 8A 54 80 00 00 00 00 30 00 00 00 00 00 00 00 ..T.....0....... 30 00 00 00 23 00 00 00 23 00 00 00 52 10 4A CB 0...#...#...R.J. 6E 00 00 00 80 F9 DF FF 2C A4 EF BA 4C 9F 54 80 n.......,...L.T. 01 00 00 00 C0 8D 54 80 6D 02 54 80 08 00 00 00 ......T.m.T..... 02 02 00 00 B8 8D 54 80 10 00 00 00 38 83 F8 00 ......T.....8... 84 8A 54 80 32 14 4E F8 FF FF FF FF 10 50 53 80 ..T.2.N......PS. 08 A7 4D 80 FF FF FF FF 2F 87 52 80 63 87 52 80 ..M...../.R.c.R. F0 8A 54 80 05 00 00 00 40 00 00 00 70 8E 85 82 ..T.....@...p... 38 C2 00 82 00 00 00 00 00 00 00 00 00 00 00 00 8............... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 89 62 6D 80 82 02 00 00 89 62 6D 80 96 02 00 00 .bm......bm..... 70 8E 85 82 1C BA 11 82 00 BA 11 82 00 00 00 AA p............... 27 00 00 00 C5 8A C0 AA 27 00 00 00 00 00 00 00 '.......'....... 00 00 00 00 D6 33 6A AA 27 00 00 00 00 00 00 00 .....3j.'....... A8 0D DF 81 00 00 00 00 94 E2 71 F8 00 00 00 00 ..........q..... 94 E2 71 F8 9C E2 71 F8 A8 0D DF 81 A8 0D DF 81 ..q...q......... AC 8B 54 80 2D 04 50 80 18 0E DF 81 02 8F 85 82 ..T.-.P......... 9C 8B 54 80 9C 8B 54 80 00 00 00 00 00 00 00 00 ..T...T......... C0 8B 54 80 7C 8C 4F 80 70 8E 85 82 5C 8C 54 80 ..T.|.O.p...\.T. B8 8F 85 82 D4 8B 54 80 D5 DE D4 BA 94 E2 71 F8 ......T.......q. 5C 8C 54 80 B8 8F 85 82 70 8E 85 82 16 00 00 C0 \.T.....p....... 5C 8C 54 80 B8 8F 85 82 C9 B7 64 80 BB 8F 85 82 \.T.......d..... 70 8E 85 82 00 00 00 00 08 E2 71 00 28 8C 54 80 p.........q.(.T. 62 03 4F 80 16 00 00 C0 70 8E 85 82 5C 8C 54 80 b.O.....p...\.T. 90 8C 54 80 70 8F 85 82 70 8E 85 82 00 00 00 00 ..T.p...p....... 00 00 00 00 01 00 00 00 94 8C 54 01 94 8C 54 80 ..........T...T. 38 BC 64 80 18 04 F4 81 70 AB 16 82 43 BC 64 80 8.d.....p...C.d. 00 00 00 00 38 C2 00 82 00 00 00 00 52 10 4A CB ....8.......R.J. 6E 00 00 00 52 10 4A CB 6E 00 00 00 7C 8C 54 80 n...R.J.n...|.T. 70 8C 54 80 00 00 00 00 2E 00 00 00 15 A0 ED BA p.T............. 5D 8D 54 80 94 8C 54 80 88 8C 54 80 15 A0 ED BA ].T...T...T..... 5D 8D 54 80 88 8D 54 80 98 8C 54 80 00 00 00 00 ].T...T...T..... 00 8D 54 80 24 8D 54 80 C0 B6 54 80 BF 82 ED BA ..T.$.T...T..... 52 10 4A CB 6E 00 00 00 7C 8D 54 80 4C 8D 54 80 R.J.n...|.T.L.T. 4C 8D 54 80 40 BB 00 00 20 89 54 80 L.T.@... .T. |
| 5 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 B4 B1 03 02 08 00 00 00 48 D2 B2 00 01..........H... C0 8D 54 80 FF FF FF FF 8C 00 00 00 08 00 00 00 ..T............. 08 00 00 00 61 F6 90 7C 40 02 00 00 14 00 00 00 ....a..|@....... 03 01 00 00 00 00 00 00 ........ |
| 5 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 B4 B1 03 02 00 00 00 00 48 D2 B2 00 01..........H... C0 8D 54 80 FF FF FF FF 8C 00 00 00 8C 00 00 00 ..T............. 08 00 00 00 61 F6 90 7C 40 02 00 00 14 00 00 00 ....a..|@....... 03 01 00 00 00 00 00 00 ........ Buf2: Size = 140 (0x8C); Api# = DbgKdReadVirtualMemoryApi 50 8E 54 80 62 10 5D F8 00 0D DB BA 27 00 00 00 P.T.b.].....'... 70 FC DF FF 00 00 00 AA 27 00 00 00 7A 27 C7 AA p.......'...z'.. 27 00 00 00 00 00 00 00 00 00 00 00 6D ED 70 AA '...........m.p. 27 00 00 00 00 00 00 00 00 00 00 00 27 00 00 00 '...........'... 70 FC DF FF 73 FD C3 AA 27 00 00 00 FF FF FF FF p...s...'....... 00 00 00 FF 30 F1 17 82 50 FC DF FF 70 FC DF FF ....0...P...p... 50 8E 54 80 00 00 00 00 62 10 5D F8 08 00 00 00 P.T.....b.]..... 46 02 00 00 70 FC DF FF 55 3F 52 80 00 F0 DF FF F...p...U?R..... 80 1B 55 80 20 19 55 80 50 FC DF FF ..U. .U.P... |
| 6 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 F0 F0 F0 F0 68 35 7D 00 00 00 00 00 01......h5}..... B9 6C 52 80 FF FF FF FF 01 00 00 00 7C F8 B2 00 .lR.........|... 40 D9 0A 03 48 47 EF 00 00 00 00 00 03 00 00 00 @...HG.......... DF 5D 3E 77 00 00 00 00 .]>w.... |
| 6 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 F0 F0 F0 F0 00 00 00 00 00 00 00 00 01.............. B9 6C 52 80 FF FF FF FF 01 00 00 00 01 00 00 00 .lR............. 40 D9 0A 03 48 47 EF 00 00 00 00 00 03 00 00 00 @...HG.......... DF 5D 3E 77 00 00 00 00 .]>w.... Buf2: Size = 1 (0x1); Api# = DbgKdReadVirtualMemoryApi 8B . |
| 7 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 3C F6 B2 00 F7 5C 04 03 01....{.<....\.. BA 6C 52 80 FF FF FF FF 80 00 00 00 13 00 00 00 .lR............. 3C F6 B2 00 00 00 00 00 3C F6 B2 00 40 D9 0A 03 <.......<...@... 48 47 EF 00 00 00 00 00 HG...... |
| 7 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 00 00 00 00 F7 5C 04 03 01....{......\.. BA 6C 52 80 FF FF FF FF 80 00 00 00 80 00 00 00 .lR............. 3C F6 B2 00 00 00 00 00 3C F6 B2 00 40 D9 0A 03 <.......<...@... 48 47 EF 00 00 00 00 00 HG...... Buf2: Size = 128 (0x80); Api# = DbgKdReadVirtualMemoryApi 75 08 8B 46 08 33 C9 33 DB 38 5D 0C 0F 95 C1 39 u..F.3.3.8]....9 48 14 74 6D 57 8B 7E 0C 3B FB 74 5F 8A 46 10 D0 H.tmW.~.;.t_.F.. E8 A8 01 74 56 33 C0 6A 16 59 F3 AB 8B 46 0C 66 ...tV3.j.Y...F.f C7 00 0A 00 8B 46 0C 66 C7 40 02 58 00 8B 46 08 .....F.f.@.X..F. 8B 40 0C 8B 4E 0C 89 41 0C 8B 46 0C 89 58 08 8B .@..N..A..F..X.. 46 08 8A 40 04 8B 4E 0C C0 E8 03 24 01 66 0F B6 F..@..N....$.f.. C0 66 89 41 04 8B 46 08 8B 40 0C 8B 4E 0C 89 48 .f.A..F..@..N..H 24 8B 46 08 89 5E 0C 80 48 04 04 88 5D 0F 5F EB $.F..^..H...]._. |
| 8 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 3C F6 B2 00 F7 5C 04 03 01....{.<....\.. 3A 6D 52 80 FF FF FF FF 80 00 00 00 23 00 00 00 :mR.........#... 3C F6 B2 00 00 00 00 00 3C F6 B2 00 40 D9 0A 03 <.......<...@... 48 47 EF 00 00 00 00 00 HG...... |
| 8 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 00 00 00 00 F7 5C 04 03 01....{......\.. 3A 6D 52 80 FF FF FF FF 80 00 00 00 80 00 00 00 :mR............. 3C F6 B2 00 00 00 00 00 3C F6 B2 00 40 D9 0A 03 <.......<...@... 48 47 EF 00 00 00 00 00 HG...... Buf2: Size = 128 (0x80); Api# = DbgKdReadVirtualMemoryApi 13 8B 48 0C 39 41 24 C6 45 0F 01 75 07 80 60 04 ..H.9A$.E..u..`. FE 89 58 08 FF 75 FC E8 B6 7E FC FF 38 5D 0F 74 ..X..u...~..8].t 31 53 8D 46 14 50 E8 9D 3E FD FF 8B 46 0C 3B C3 1S.F.P..>...F.;. 53 74 03 50 EB 03 FF 76 08 E8 6E CC 01 00 8B 4E St.P...v..n....N 04 E8 68 B0 FF FF 81 C6 48 FF FF FF 56 E8 00 98 ..h.....H...V... FC FF 8A 45 0F 5E 5B C9 C2 08 00 CC CC CC CC CC ...E.^[......... CC CC CC C3 8B FF CC C3 8B FF 8B 44 24 04 CC C2 ...........D$... 04 00 CC CC CC CC CC CC 68 24 02 00 00 68 08 A1 ........h$...h.. |
| 9 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 90 FA B2 00 F7 5C 04 03 01....{......\.. BA 6D 52 80 FF FF FF FF 80 00 00 00 33 00 00 00 .mR.........3... 90 FA B2 00 00 00 00 00 90 FA B2 00 40 D9 0A 03 ............@... 48 47 EF 00 00 00 00 00 HG...... |
| 9 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 00 00 00 00 F7 5C 04 03 01....{......\.. BA 6D 52 80 FF FF FF FF 80 00 00 00 80 00 00 00 .mR............. 90 FA B2 00 00 00 00 00 90 FA B2 00 40 D9 0A 03 ............@... 48 47 EF 00 00 00 00 00 HG...... Buf2: Size = 128 (0x80); Api# = DbgKdReadVirtualMemoryApi 4D 80 E8 1F 03 01 00 A1 40 A0 54 80 89 45 E4 8B M.......@.T..E.. 7D 08 8B 45 14 89 85 DC FD FF FF 8B 45 18 89 85 }..E........E... D8 FD FF FF 33 DB 83 7D 0C FF 74 13 FF 75 10 FF ....3..}..t..u.. 75 0C E8 15 44 01 00 85 C0 0F 84 C8 00 00 00 89 u...D........... 5D FC 8B C7 8D 48 01 8A 10 40 84 D2 75 F9 2B C1 ]....H...@..u.+. 8B F0 89 B5 E0 FD FF FF 8D 85 E4 FD FF FF 8A 0F ................ 88 08 47 40 84 C9 75 F6 FF B5 D8 FD FF FF FF B5 ..G@..u......... DC FD FF FF B8 00 02 00 00 2B C6 50 8D 84 35 E4 .........+.P..5. |
| 10 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 28 D8 B2 00 D0 61 7A 00 8C 00 00 00 01..(....az..... 62 10 5D F8 FF FF FF FF 80 00 00 00 48 88 EE 00 b.].........H... B8 00 91 7C 70 67 30 01 1C D8 B2 01 12 00 00 00 ...|pg0......... 00 00 00 00 00 00 00 00 ........ |
| 10 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 28 D8 B2 00 00 00 00 00 8C 00 00 00 01..(........... 62 10 5D F8 FF FF FF FF 80 00 00 00 80 00 00 00 b.]............. B8 00 91 7C 70 67 30 01 1C D8 B2 01 12 00 00 00 ...|pg0......... 00 00 00 00 00 00 00 00 ........ Buf2: Size = 128 (0x80); Api# = DbgKdReadVirtualMemoryApi 6A 00 E8 41 04 00 00 59 89 41 08 89 51 0C 33 C0 j..A...Y.A..Q.3. C3 90 51 6A 00 E8 2E 04 00 00 8B 0C 24 89 01 89 ..Qj........$... 51 04 F6 41 10 01 75 27 8B 15 64 19 5D F8 F7 C2 Q..A..u'..d.]... 00 00 01 00 75 C8 83 C2 04 EC 83 EA 04 ED 6A 00 ....u.........j. E8 03 04 00 00 59 89 41 08 89 51 0C 33 C0 C3 8B .....Y.A..Q.3... 15 60 1C 5D F8 66 8B 41 10 66 C7 41 10 00 00 66 .`.].f.A.f.A...f EF 8B 15 64 1C 5D F8 0B D2 74 BD 66 8B 41 12 66 ...d.]...t.f.A.f EF EB B5 8D 49 00 66 BA F8 0C B8 54 00 00 80 EF ....I.f....T.... |
| 11 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 00 00 00 5F 8A 10 02 08 C0 7A 00 01......_.....z. 54 8E 54 80 FF FF FF FF 80 00 00 00 50 7D 33 02 T.T.........P}3. 50 00 EE 00 30 31 00 00 28 D8 B2 00 12 00 00 00 P...01..(....... 8C 00 00 00 00 00 00 00 ........ |
| 11 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 00 00 00 00 00 00 00 08 C0 7A 00 01............z. 54 8E 54 80 FF FF FF FF 80 00 00 00 80 00 00 00 T.T............. 50 00 EE 00 30 31 00 00 28 D8 B2 00 12 00 00 00 P...01..(....... 8C 00 00 00 00 00 00 00 ........ Buf2: Size = 128 (0x80); Api# = DbgKdReadVirtualMemoryApi C0 0C 54 80 00 00 00 00 0E 00 00 00 00 00 00 00 ..T............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
| 12 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 00 00 00 5F 8A 10 02 08 C0 7A 00 01......_.....z. 50 8E 54 80 FF FF FF FF 04 00 00 00 50 7D 33 02 P.T.........P}3. 50 00 EE 00 30 31 00 00 28 D8 B2 00 03 00 00 00 P...01..(....... 8C 00 00 00 00 00 00 00 ........ |
| 12 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 00 00 00 00 00 00 00 08 C0 7A 00 01............z. 50 8E 54 80 FF FF FF FF 04 00 00 00 04 00 00 00 P.T............. 50 00 EE 00 30 31 00 00 28 D8 B2 00 03 00 00 00 P...01..(....... 8C 00 00 00 00 00 00 00 ........ Buf2: Size = 4 (0x4); Api# = DbgKdReadVirtualMemoryApi 80 F9 DF FF .... |
| 13 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 02 00 00 00 84 D6 B2 00 BD 5D 10 02 01...........].. B0 0C 54 80 FF FF FF FF 80 00 00 00 00 00 00 00 ..T............. B8 A0 7A 00 3E 17 00 00 BD 5D 10 02 12 00 00 00 ..z.>....]...... E0 84 EE 00 00 00 00 00 ........ |
| 13 | +0:00:00.0015 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 02 00 00 00 00 00 00 00 BD 5D 10 02 01...........].. B0 0C 54 80 FF FF FF FF 80 00 00 00 80 00 00 00 ..T............. B8 A0 7A 00 3E 17 00 00 BD 5D 10 02 12 00 00 00 ..z.>....]...... E0 84 EE 00 00 00 00 00 ........ Buf2: Size = 128 (0x80); Api# = DbgKdReadVirtualMemoryApi 8D AB 80 09 00 00 EB 08 8D 8B 50 0C 00 00 FF 11 ..........P..... FB 90 90 FA 3B 6D 00 74 0D B1 02 FF 15 A8 76 4D ....;m.t......vM 80 E8 41 00 00 00 83 BB 28 01 00 00 00 74 D9 FB ..A.....(....t.. 8B B3 28 01 00 00 8B BB 24 01 00 00 83 C9 01 89 ..(.....$....... B3 24 01 00 00 26 C6 46 2D 02 C7 83 28 01 00 00 .$...&.F-...(... 00 00 00 00 68 0F 0D 54 80 9C E9 A9 FD FF FF 8D ....h..T........ AB 80 09 00 00 EB A9 6A 00 83 EC 0C 83 3D 0C A0 .......j.....=.. 55 80 00 75 62 89 25 94 F9 DF FF 8B 55 00 8B 0A U..ub.%.....U... |
| 14 | +0:00:00.0031 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 F0 FF FF FF FF FF FF E8 D4 B2 00 01.............. D4 8E 54 80 FF FF FF FF 84 00 00 00 23 00 00 00 ..T.........#... 00 00 00 00 00 00 00 00 B8 A0 7A 00 F4 D4 00 00 ..........z..... C8 00 00 00 00 00 00 00 ........ |
| 14 | +0:00:00.0031 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 F0 FF FF 00 00 00 00 E8 D4 B2 00 01.............. D4 8E 54 80 FF FF FF FF 84 00 00 00 84 00 00 00 ..T............. 00 00 00 00 00 00 00 00 B8 A0 7A 00 F4 D4 00 00 ..........z..... C8 00 00 00 00 00 00 00 ........ Buf2: Size = 132 (0x84); Api# = DbgKdReadVirtualMemoryApi FF FF FF FF 00 02 00 00 8C 0F 54 80 00 00 00 00 ..........T..... 00 00 00 00 00 00 00 00 00 00 00 00 7F 02 00 00 ............... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 80 1F 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 .... |
| 15 | +0:00:00.0031 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 88 9A 00 02 88 D4 B2 00 00 00 00 00 01.............. 84 0F 54 80 FF FF FF FF 7C 00 00 00 88 9A 00 02 ..T.....|....... E8 20 35 02 84 00 00 00 00 00 00 00 12 00 00 00 . 5............. 08 C0 7A 00 00 00 00 00 ..z..... |
| 15 | +0:00:00.0031 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 88 9A 00 02 00 00 00 00 00 00 00 00 01.............. 84 0F 54 80 FF FF FF FF 7C 00 00 00 7C 00 00 00 ..T.....|...|... E8 20 35 02 84 00 00 00 00 00 00 00 12 00 00 00 . 5............. 08 C0 7A 00 00 00 00 00 ..z..... Buf2: Size = 124 (0x7C); Api# = DbgKdReadVirtualMemoryApi CC CC CC CC CC CC CC CC 33 DB 33 F6 33 FF 33 ED ........3.3.3.3. B9 01 00 00 00 FF 15 1C 77 4D 80 58 FF D0 59 0B ........wM.X..Y. C9 74 07 8B EC E9 12 BA FF FF 6A 0E E8 37 79 FB .t........j..7y. FF CC CC CC CC CC CC CC 53 55 33 DB 8B E9 8B 55 ........SU3....U 04 8B 45 00 0B C0 74 0B 8B CA 66 8B CB 0F C7 4D ..E...t...f....M 00 75 F1 5D 5B C3 8B FF 53 55 8B E9 8B 55 04 8B .u.][...SU...U.. 45 00 0B C0 74 0B 8D 4A FF 8B 18 0F C7 4D 00 75 E...t..J.....M.u F1 5D 5B C3 8F 04 24 90 53 55 8B E9 .][...$.SU.. |
| 16 | +0:00:00.0031 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 88 9A 00 02 88 D4 B2 00 00 00 00 00 01.............. 00 10 54 80 FF FF FF FF 04 00 00 00 88 9A 00 02 ..T............. E8 20 35 02 84 00 00 00 00 00 00 00 12 00 00 00 . 5............. 08 C0 7A 00 00 00 00 00 ..z..... |
| 16 | +0:00:00.0031 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 88 9A 00 02 00 00 00 00 00 00 00 00 01.............. 00 10 54 80 FF FF FF FF 04 00 00 00 04 00 00 00 ..T............. E8 20 35 02 84 00 00 00 00 00 00 00 12 00 00 00 . 5............. 08 C0 7A 00 00 00 00 00 ..z..... Buf2: Size = 4 (0x4); Api# = DbgKdReadVirtualMemoryApi 8B DA 8B 55 ...U |
| 17 | +0:00:00.0031 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 F0 F0 F0 F0 68 35 7D 00 00 00 00 00 01......h5}..... 7D 01 54 80 FF FF FF FF 80 00 00 00 70 E8 B2 00 }.T.........p... 40 D9 0A 03 48 47 EF 00 00 00 00 00 12 00 00 00 @...HG.......... DF 5D 3E 77 00 00 00 00 .]>w.... |
| 17 | +0:00:00.0031 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 F0 F0 F0 F0 00 00 00 00 00 00 00 00 01.............. 7D 01 54 80 FF FF FF FF 80 00 00 00 80 00 00 00 }.T............. 40 D9 0A 03 48 47 EF 00 00 00 00 00 12 00 00 00 @...HG.......... DF 5D 3E 77 00 00 00 00 .]>w.... Buf2: Size = 128 (0x80); Api# = DbgKdReadVirtualMemoryApi 06 FF 05 1C ED 54 80 A1 18 ED 54 80 0F AF 05 1C .....T....T..... ED 54 80 03 C1 A3 00 00 DF FF 58 25 FF 00 00 00 .T........X%.... 8D 0C C5 00 22 55 80 8B 11 3B CA 74 0C 3B 72 FC ...."U...;.t.;r. 72 07 77 25 3B 7A F8 73 20 40 43 25 FF 00 00 00 r.w%;z.s @C%.... 8D 0C C5 00 22 55 80 8B 11 3B CA 74 50 3B 72 FC ...."U...;.tP;r. 72 4B 77 05 3B 7A F8 72 44 8B 0D 20 F0 DF FF 8D rKw.;z.rD.. .... 05 84 1F 55 80 8D 91 A0 08 00 00 83 78 18 00 75 ...U........x..u 2C FA FF 81 70 08 00 00 89 50 18 89 58 10 81 C1 ,...p....P..X... |
| 18 | +0:00:00.0031 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 30 E6 B2 00 F7 5C 04 03 01....{.0....\.. FD 01 54 80 FF FF FF FF 43 00 00 00 1B 00 00 00 ..T.....C....... 30 E6 B2 00 00 00 00 00 30 E6 B2 00 40 D9 0A 03 0.......0...@... 48 47 EF 00 00 00 00 00 HG...... |
| 18 | +0:00:00.0031 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 00 00 00 00 F7 5C 04 03 01....{......\.. FD 01 54 80 FF FF FF FF 43 00 00 00 43 00 00 00 ..T.....C...C... 30 E6 B2 00 00 00 00 00 30 E6 B2 00 40 D9 0A 03 0.......0...@... 48 47 EF 00 00 00 00 00 HG...... Buf2: Size = 67 (0x43); Api# = DbgKdReadVirtualMemoryApi 60 08 00 00 8B 59 04 89 41 04 89 03 89 08 89 58 `....Y..A......X 04 FB B9 02 00 00 00 FF 15 00 77 4D 80 80 3D C1 ..........wM..=. B6 54 80 00 75 3A 83 3D B4 9F 54 80 00 7F 1F A1 .T..u:.=..T.... AC 9F 54 80 01 05 B4 9F 54 80 FF 34 24 E8 35 00 ..T.....T..4$.5. 00 00 FA ... |
| 19 | +0:00:00.0031 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 84 EA B2 00 F7 5C 04 03 01....{......\.. 80 02 54 80 FF FF FF FF 80 00 00 00 33 00 00 00 ..T.........3... 84 EA B2 00 00 00 00 00 84 EA B2 00 40 D9 0A 03 ............@... C0 25 38 01 00 00 00 00 .%8..... |
| 19 | +0:00:00.0031 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 00 00 00 00 F7 5C 04 03 01....{......\.. 80 02 54 80 FF FF FF FF 80 00 00 00 80 00 00 00 ..T............. 84 EA B2 00 00 00 00 00 84 EA B2 00 40 D9 0A 03 ............@... C0 25 38 01 00 00 00 00 .%8..... Buf2: Size = 128 (0x80); Api# = DbgKdReadVirtualMemoryApi 8B 98 24 01 00 00 8B 4B 44 F7 45 70 00 00 02 00 ..$....KD.Ep.... 75 42 F6 45 6C 01 75 3C BA 00 00 00 00 FF 80 C8 uB.El.u<........ 05 00 00 80 7C 24 08 02 72 1E 77 14 83 3D 94 F9 ....|$..r.w..=.. DF FF 00 74 13 FF 80 D0 05 00 00 EB 2B 8D 49 00 ...t........+.I. FF 80 D8 05 00 00 EB 20 FF 83 44 01 00 00 FF 41 ....... ..D....A 38 EB 15 90 BA 01 00 00 00 FF 80 CC 05 00 00 FF 8............... 83 48 01 00 00 FF 41 3C 8B 88 8C 09 00 00 8B 90 .H....A<........ 9C 09 00 00 89 88 9C 09 00 00 2B CA 03 88 A0 09 ..........+..... |
| 20 | +0:01:11.0359 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadControlSpaceApi 37 31 00 00 24 69 00 00 03 01 00 00 DF 5D 3E 77 71..$i.......]>w CC 02 00 00 00 00 00 00 54 00 00 00 00 00 00 00 ........T....... 00 00 00 00 F5 18 0F 02 4C 88 EE 00 78 FD B2 00 ........L...x... 0D EF 1A 02 E8 F4 37 01 ......7. |
| 20 | +0:01:11.0359 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadControlSpaceApi 37 31 00 00 24 69 00 00 00 00 00 00 DF 5D 3E 77 71..$i.......]>w CC 02 00 00 00 00 00 00 54 00 00 00 54 00 00 00 ........T...T... 00 00 00 00 F5 18 0F 02 4C 88 EE 00 78 FD B2 00 ........L...x... 0D EF 1A 02 E8 F4 37 01 ......7. Buf2: Size = 84 (0x54); Api# = DbgKdReadControlSpaceApi 3B 00 01 80 00 D0 D5 E1 00 90 31 00 F9 06 00 00 ;.........1..... 90 29 90 F8 00 00 00 00 00 00 00 00 00 00 00 00 .).............. F0 4F FF FF 00 05 00 00 00 00 FF 03 00 F0 03 80 .O.............. 00 00 FF 07 00 F4 03 80 28 00 00 00 00 00 00 00 ........(....... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 .... |
| 21 | +0:01:11.0359 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdContinueApi2 3C 31 00 00 00 00 00 00 01 00 01 00 6C FE B2 00 <1..........l... 01 00 01 00 01 00 00 00 00 05 00 00 01 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 ........ |
| 21 | +0:01:11.0359 | 7 KD_STATE_CHANGE64 |
Buf1: Size = 240 (0xF0); Api# = DbgKdExceptionStateChange 30 30 00 00 06 00 00 00 01 00 00 00 FF FF FF FF 00.............. 20 19 55 80 FF FF FF FF 23 02 54 80 FF FF FF FF .U.....#.T..... 04 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 ................ 23 02 54 80 FF FF FF FF 00 00 00 00 00 00 00 00 #.T............. 2C A4 EF BA FF FF FF FF ED 34 65 80 FF FF FF FF ,........4e..... 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................ 84 8D 54 01 00 00 00 00 84 8D 54 80 FF FF FF FF ..T.......T..... 38 BC 64 72 00 00 00 00 2E 00 00 00 00 00 00 00 8.dr............ 19 0C 67 E2 FF FF FF FF 8F 6F 35 D5 FF FF FF FF ..g......o5..... 00 00 03 00 00 00 00 00 00 00 01 00 00 00 00 00 ................ FF FF FF FF FF FF FF FF 61 D9 53 80 FF FF FF FF ........a.S..... C0 8D 54 80 FF FF FF FF 01 00 00 00 00 00 00 00 ..T............. F0 4F FF FF 00 05 00 00 10 00 03 00 83 3D B4 9F .O...........=.. 54 80 00 7F 1F A1 AC 9F 54 80 01 05 08 00 23 00 T......T.....#. 23 00 30 00 02 02 00 00 00 00 00 00 00 00 00 00 #.0............. Buf2: Size = 4 (0x4); Api# = DbgKdExceptionStateChange 01 00 00 00 .... |
| 22 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 09 C8 2E 02 18 A5 7A 00 00 00 00 00 01........z..... 00 02 54 80 FF FF FF FF 23 00 00 00 69 69 69 69 ..T.....#...iiii 04 00 00 00 00 00 80 80 00 00 00 00 07 00 00 00 ................ D4 DD 2E 02 00 00 00 00 ........ |
| 22 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 09 C8 2E 02 00 00 00 00 00 00 00 00 01.............. 00 02 54 80 FF FF FF FF 23 00 00 00 23 00 00 00 ..T.....#...#... 04 00 00 00 00 00 80 80 00 00 00 00 07 00 00 00 ................ D4 DD 2E 02 00 00 00 00 ........ Buf2: Size = 35 (0x23); Api# = DbgKdReadVirtualMemoryApi 00 8B 59 04 89 41 04 89 03 89 08 89 58 04 FB B9 ..Y..A......X... 02 00 00 00 FF 15 00 77 4D 80 80 3D C1 B6 54 80 .......wM..=..T. 00 75 3A .u: |
| 23 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 00 00 00 07 00 00 00 D4 DD 2E 02 01.............. 33 02 54 80 FF FF FF FF 0D 00 00 00 0A 00 00 00 3.T............. 50 7D 33 02 FC FD B2 00 43 85 10 02 00 02 54 80 P}3.....C.....T. FF FF FF FF 00 00 00 00 ........ |
| 23 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 00 00 00 00 00 00 00 D4 DD 2E 02 01.............. 33 02 54 80 FF FF FF FF 0D 00 00 00 0D 00 00 00 3.T............. 50 7D 33 02 FC FD B2 00 43 85 10 02 00 02 54 80 P}3.....C.....T. FF FF FF FF 00 00 00 00 ........ Buf2: Size = 13 (0xD); Api# = DbgKdReadVirtualMemoryApi B4 9F 54 80 FF 34 24 E8 35 00 00 00 FA ..T..4$.5.... |
| 24 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdGetContextApi 32 31 00 00 CC 12 00 00 03 01 00 00 00 00 00 00 21.............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0A 00 00 00 24 8F 05 00 94 D5 B2 00 84 D5 B2 00 ....$........... 00 00 09 00 22 02 91 7C ...."..| |
| 24 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdGetContextApi 32 31 00 00 CC 12 00 00 00 00 00 00 00 00 00 00 21.............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0A 00 00 00 24 8F 05 00 94 D5 B2 00 84 D5 B2 00 ....$........... 00 00 09 00 22 02 91 7C ...."..| Buf2: Size = 716 (0x2CC); Api# = DbgKdGetContextApi 3F 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ?............... 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................ 68 8A 54 80 D9 9A 4F 80 E1 9A 4F 80 F0 82 F8 81 h.T...O...O..... F3 AB 4F 80 F0 82 F8 81 08 EC FB 81 00 00 00 00 ..O............. 74 8A 54 80 16 AC 4F 80 00 00 00 00 01 00 00 00 t.T...O......... D4 8A 54 80 00 00 00 00 30 00 00 00 00 00 00 00 ..T.....0....... 30 00 00 00 23 00 00 00 23 00 00 00 52 10 4A CB 0...#...#...R.J. 6E 00 00 00 80 F9 DF FF 2C A4 EF BA 4C 9F 54 80 n.......,...L.T. 01 00 00 00 C0 8D 54 80 23 02 54 80 08 00 00 00 ......T.#.T..... 02 02 00 00 B8 8D 54 80 10 00 00 00 38 83 F8 00 ......T.....8... 84 8A 54 80 32 14 4E F8 FF FF FF FF 10 50 53 80 ..T.2.N......PS. 08 A7 4D 80 FF FF FF FF 2F 87 52 80 63 87 52 80 ..M...../.R.c.R. F0 8A 54 80 05 00 00 00 40 00 00 00 70 8E 85 82 ..T.....@...p... 38 C2 00 82 00 00 00 00 00 00 00 00 00 00 00 00 8............... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 89 62 6D 80 82 02 00 00 89 62 6D 80 96 02 00 00 .bm......bm..... 70 8E 85 82 1C BA 11 82 00 BA 11 82 00 00 00 AA p............... 27 00 00 00 C5 8A C0 AA 27 00 00 00 00 00 00 00 '.......'....... 00 00 00 00 D6 33 6A AA 27 00 00 00 00 00 00 00 .....3j.'....... A8 0D DF 81 00 00 00 00 94 E2 71 F8 00 00 00 00 ..........q..... 94 E2 71 F8 9C E2 71 F8 A8 0D DF 81 A8 0D DF 81 ..q...q......... AC 8B 54 80 2D 04 50 80 18 0E DF 81 02 8F 85 82 ..T.-.P......... 9C 8B 54 80 9C 8B 54 80 00 00 00 00 00 00 00 00 ..T...T......... C0 8B 54 80 7C 8C 4F 80 70 8E 85 82 5C 8C 54 80 ..T.|.O.p...\.T. B8 8F 85 82 D4 8B 54 80 D5 DE D4 BA 94 E2 71 F8 ......T.......q. 5C 8C 54 80 B8 8F 85 82 70 8E 85 82 16 00 00 C0 \.T.....p....... 5C 8C 54 80 B8 8F 85 82 C9 B7 64 80 BB 8F 85 82 \.T.......d..... 70 8E 85 82 00 00 00 00 08 E2 71 00 28 8C 54 80 p.........q.(.T. 62 03 4F 80 16 00 00 C0 70 8E 85 82 5C 8C 54 80 b.O.....p...\.T. 90 8C 54 80 70 8F 85 82 70 8E 85 82 00 00 00 00 ..T.p...p....... 00 00 00 00 01 00 00 00 94 8C 54 01 94 8C 54 80 ..........T...T. 38 BC 64 80 18 04 F4 81 70 AB 16 82 43 BC 64 80 8.d.....p...C.d. 00 00 00 00 38 C2 00 82 00 00 00 00 52 10 4A CB ....8.......R.J. 6E 00 00 00 52 10 4A CB 6E 00 00 00 7C 8C 54 80 n...R.J.n...|.T. 70 8C 54 80 00 00 00 00 2E 00 00 00 15 A0 ED BA p.T............. 5D 8D 54 80 94 8C 54 80 88 8C 54 80 15 A0 ED BA ].T...T...T..... 5D 8D 54 80 88 8D 54 80 98 8C 54 80 00 00 00 00 ].T...T...T..... 00 8D 54 80 24 8D 54 80 C0 B6 54 80 BF 82 ED BA ..T.$.T...T..... 52 10 4A CB 6E 00 00 00 7C 8D 54 80 4C 8D 54 80 R.J.n...|.T.L.T. 4C 8D 54 80 40 BB 00 00 20 89 54 80 L.T.@... .T. |
| 25 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 B4 B1 03 02 08 00 00 00 48 D2 B2 00 01..........H... C0 8D 54 80 FF FF FF FF 8C 00 00 00 08 00 00 00 ..T............. 08 00 00 00 61 F6 90 7C 40 02 00 00 14 00 00 00 ....a..|@....... 03 01 00 00 00 00 00 00 ........ |
| 25 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 B4 B1 03 02 00 00 00 00 48 D2 B2 00 01..........H... C0 8D 54 80 FF FF FF FF 8C 00 00 00 8C 00 00 00 ..T............. 08 00 00 00 61 F6 90 7C 40 02 00 00 14 00 00 00 ....a..|@....... 03 01 00 00 00 00 00 00 ........ Buf2: Size = 140 (0x8C); Api# = DbgKdReadVirtualMemoryApi 50 8E 54 80 62 10 5D F8 00 0D DB BA 27 00 00 00 P.T.b.].....'... 70 FC DF FF 00 00 00 AA 27 00 00 00 7A 27 C7 AA p.......'...z'.. 27 00 00 00 00 00 00 00 00 00 00 00 6D ED 70 AA '...........m.p. 27 00 00 00 00 00 00 00 00 00 00 00 27 00 00 00 '...........'... 70 FC DF FF 73 FD C3 AA 27 00 00 00 FF FF FF FF p...s...'....... 00 00 00 FF 30 F1 17 82 50 FC DF FF 70 FC DF FF ....0...P...p... 50 8E 54 80 00 00 00 00 62 10 5D F8 08 00 00 00 P.T.....b.]..... 46 02 00 00 70 FC DF FF 55 3F 52 80 00 F0 DF FF F...p...U?R..... 80 1B 55 80 20 19 55 80 50 FC DF FF ..U. .U.P... |
| 26 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 F0 F0 F0 F0 68 35 7D 00 00 00 00 00 01......h5}..... 7D 01 54 80 FF FF FF FF 01 00 00 00 7C F8 B2 00 }.T.........|... 40 D9 0A 03 48 47 EF 00 00 00 00 00 03 00 00 00 @...HG.......... DF 5D 3E 77 00 00 00 00 .]>w.... |
| 26 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 F0 F0 F0 F0 00 00 00 00 00 00 00 00 01.............. 7D 01 54 80 FF FF FF FF 01 00 00 00 01 00 00 00 }.T............. 40 D9 0A 03 48 47 EF 00 00 00 00 00 03 00 00 00 @...HG.......... DF 5D 3E 77 00 00 00 00 .]>w.... Buf2: Size = 1 (0x1); Api# = DbgKdReadVirtualMemoryApi 06 . |
| 27 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 3C F6 B2 00 F7 5C 04 03 01....{.<....\.. 7E 01 54 80 FF FF FF FF 80 00 00 00 13 00 00 00 ~.T............. 3C F6 B2 00 00 00 00 00 3C F6 B2 00 40 D9 0A 03 <.......<...@... 48 47 EF 00 00 00 00 00 HG...... |
| 27 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 00 00 00 00 F7 5C 04 03 01....{......\.. 7E 01 54 80 FF FF FF FF 80 00 00 00 80 00 00 00 ~.T............. 3C F6 B2 00 00 00 00 00 3C F6 B2 00 40 D9 0A 03 <.......<...@... 48 47 EF 00 00 00 00 00 HG...... Buf2: Size = 128 (0x80); Api# = DbgKdReadVirtualMemoryApi FF 05 1C ED 54 80 A1 18 ED 54 80 0F AF 05 1C ED ....T....T...... 54 80 03 C1 A3 00 00 DF FF 58 25 FF 00 00 00 8D T........X%..... 0C C5 00 22 55 80 8B 11 3B CA 74 0C 3B 72 FC 72 ..."U...;.t.;r.r 07 77 25 3B 7A F8 73 20 40 43 25 FF 00 00 00 8D .w%;z.s @C%..... 0C C5 00 22 55 80 8B 11 3B CA 74 50 3B 72 FC 72 ..."U...;.tP;r.r 4B 77 05 3B 7A F8 72 44 8B 0D 20 F0 DF FF 8D 05 Kw.;z.rD.. ..... 84 1F 55 80 8D 91 A0 08 00 00 83 78 18 00 75 2C ..U........x..u, FA FF 81 70 08 00 00 89 50 18 89 58 10 81 C1 60 ...p....P..X...` |
| 28 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 3C F6 B2 00 F7 5C 04 03 01....{.<....\.. FE 01 54 80 FF FF FF FF 02 00 00 00 13 00 00 00 ..T............. 3C F6 B2 00 00 00 00 00 3C F6 B2 00 40 D9 0A 03 <.......<...@... 48 47 EF 00 00 00 00 00 HG...... |
| 28 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 00 00 00 00 F7 5C 04 03 01....{......\.. FE 01 54 80 FF FF FF FF 02 00 00 00 02 00 00 00 ..T............. 3C F6 B2 00 00 00 00 00 3C F6 B2 00 40 D9 0A 03 <.......<...@... 48 47 EF 00 00 00 00 00 HG...... Buf2: Size = 2 (0x2); Api# = DbgKdReadVirtualMemoryApi 08 00 .. |
| 29 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadControlSpaceApi 37 31 00 00 92 BE 00 00 03 01 00 00 6C F6 B2 00 71..........l... CC 02 00 00 00 00 00 00 54 00 00 00 00 00 00 00 ........T....... 00 00 00 00 68 35 7D 00 57 00 07 80 90 1E 7B 00 ....h5}.W.....{. 4C 88 EE 00 9C F6 B2 00 L....... |
| 29 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadControlSpaceApi 37 31 00 00 92 BE 00 00 00 00 00 00 6C F6 B2 00 71..........l... CC 02 00 00 00 00 00 00 54 00 00 00 54 00 00 00 ........T...T... 00 00 00 00 68 35 7D 00 57 00 07 80 90 1E 7B 00 ....h5}.W.....{. 4C 88 EE 00 9C F6 B2 00 L....... Buf2: Size = 84 (0x54); Api# = DbgKdReadControlSpaceApi 3B 00 01 80 00 D0 D5 E1 00 90 31 00 F9 06 00 00 ;.........1..... 90 29 90 F8 00 00 00 00 00 00 00 00 00 00 00 00 .).............. F0 4F FF FF 00 05 00 00 00 00 FF 03 00 F0 03 80 .O.............. 00 00 FF 07 00 F4 03 80 28 00 00 00 00 00 00 00 ........(....... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 .... |
| 30 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 10 00 00 00 10 00 00 00 49 D3 2E 00 01..........I... 20 F0 03 80 FF FF FF FF 80 00 00 00 18 A5 7A 00 .............z. 00 00 00 00 D0 F4 B2 00 10 00 00 00 12 00 00 00 ................ 00 00 00 00 00 00 00 00 ........ |
| 30 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 10 00 00 00 00 00 00 00 49 D3 2E 00 01..........I... 20 F0 03 80 FF FF FF FF 80 00 00 00 80 00 00 00 ............... 00 00 00 00 D0 F4 B2 00 10 00 00 00 12 00 00 00 ................ 00 00 00 00 00 00 00 00 ........ Buf2: Size = 128 (0x80); Api# = DbgKdReadVirtualMemoryApi FF FF 00 00 00 F3 CF 00 AB 20 00 20 04 8B 00 80 ......... . .... 01 00 00 F0 DF 93 C0 FF FF 0F 00 00 00 F3 40 00 ..............@. FF FF 00 04 00 F2 00 00 00 00 00 00 00 00 00 00 ................ 68 00 00 91 54 89 00 80 68 00 68 91 54 89 00 80 h...T...h.h.T... FF FF 30 2F 02 93 00 00 FF 3F 00 80 0B 92 00 00 ..0/.....?...... FF 03 00 70 FF 92 00 FF FF FF 00 00 40 9A 00 80 ...p........@... FF FF 00 00 40 92 00 80 00 00 00 00 00 92 00 00 ....@........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
| 31 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 08 00 00 00 3C F6 B2 00 50 00 EE 00 01......<...P... B4 9F 54 80 FF FF FF FF 4C 00 00 00 F1 37 12 02 ..T.....L....7.. 72 37 12 02 6C F6 B2 00 0C 38 12 02 12 00 00 00 r7..l....8...... 54 F7 B2 00 00 00 00 00 T....... |
| 31 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 08 00 00 00 00 00 00 00 50 00 EE 00 01..........P... B4 9F 54 80 FF FF FF FF 4C 00 00 00 4C 00 00 00 ..T.....L...L... 72 37 12 02 6C F6 B2 00 0C 38 12 02 12 00 00 00 r7..l....8...... 54 F7 B2 00 00 00 00 00 T....... Buf2: Size = 76 (0x4C); Api# = DbgKdReadVirtualMemoryApi 00 00 00 00 04 00 00 00 03 00 00 00 14 00 00 00 ................ 14 00 00 00 09 00 00 00 08 00 00 00 00 00 00 00 ................ 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 ................ 2E 00 00 00 D3 24 44 07 00 00 00 00 63 6F 73 00 .....$D.....cos. 00 00 00 00 00 00 00 00 00 00 00 00 ............ |
| 32 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 08 00 00 00 3C F6 B2 00 50 00 EE 00 01......<...P... 00 A0 54 80 FF FF FF FF 34 00 00 00 F1 37 12 02 ..T.....4....7.. 72 37 12 02 6C F6 B2 00 0C 38 12 02 12 00 00 00 r7..l....8...... 54 F7 B2 00 00 00 00 00 T....... |
| 32 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 08 00 00 00 00 00 00 00 50 00 EE 00 01..........P... 00 A0 54 80 FF FF FF FF 34 00 00 00 34 00 00 00 ..T.....4...4... 72 37 12 02 6C F6 B2 00 0C 38 12 02 12 00 00 00 r7..l....8...... 54 F7 B2 00 00 00 00 00 T....... Buf2: Size = 52 (0x34); Api# = DbgKdReadVirtualMemoryApi 73 69 6E 00 00 00 00 00 00 00 00 00 00 00 00 00 sin............. 73 71 72 74 00 00 00 00 20 05 93 19 36 63 D8 BA sqrt.... ...6c.. 20 A0 12 82 A8 E9 71 F8 00 00 00 00 00 00 00 00 .....q......... 01 00 00 00 .... |
| 33 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 3C F6 B2 00 F7 5C 04 03 01....{.<....\.. 40 02 54 80 FF FF FF FF 80 00 00 00 2B 00 00 00 @.T.........+... 3C F6 B2 00 00 00 00 00 3C F6 B2 00 40 D9 0A 03 <.......<...@... 48 47 EF 00 00 00 00 00 HG...... |
| 33 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 90 1E 7B 00 00 00 00 00 F7 5C 04 03 01....{......\.. 40 02 54 80 FF FF FF FF 80 00 00 00 80 00 00 00 @.T............. 3C F6 B2 00 00 00 00 00 3C F6 B2 00 40 D9 0A 03 <.......<...@... 48 47 EF 00 00 00 00 00 HG...... Buf2: Size = 128 (0x80); Api# = DbgKdReadVirtualMemoryApi FF 15 88 76 4D 80 E9 2D CE FF FF FF 05 C4 F5 DF ...vM..-........ FF FA FF 15 88 76 4D 80 E9 1B CE FF FF E8 28 63 .....vM.......(c FB FF 0A C0 74 BD 6A 01 E8 37 6B FE FF EB B4 90 ....t.j..7k..... FB 8D 49 00 A1 1C F0 DF FF 53 FF 80 C4 05 00 00 ..I......S...... 8B 98 24 01 00 00 8B 4B 44 F7 45 70 00 00 02 00 ..$....KD.Ep.... 75 42 F6 45 6C 01 75 3C BA 00 00 00 00 FF 80 C8 uB.El.u<........ 05 00 00 80 7C 24 08 02 72 1E 77 14 83 3D 94 F9 ....|$..r.w..=.. DF FF 00 74 13 FF 80 D0 05 00 00 EB 2B 8D 49 00 ...t........+.I. |
| 34 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 28 D8 B2 00 D0 61 7A 00 8C 00 00 00 01..(....az..... 62 10 5D F8 FF FF FF FF 80 00 00 00 48 88 EE 00 b.].........H... B8 00 91 7C 70 67 30 01 1C D8 B2 01 12 00 00 00 ...|pg0......... 00 00 00 00 00 00 00 00 ........ |
| 34 | +0:01:11.0375 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 28 D8 B2 00 00 00 00 00 8C 00 00 00 01..(........... 62 10 5D F8 FF FF FF FF 80 00 00 00 80 00 00 00 b.]............. B8 00 91 7C 70 67 30 01 1C D8 B2 01 12 00 00 00 ...|pg0......... 00 00 00 00 00 00 00 00 ........ Buf2: Size = 128 (0x80); Api# = DbgKdReadVirtualMemoryApi 6A 00 E8 41 04 00 00 59 89 41 08 89 51 0C 33 C0 j..A...Y.A..Q.3. C3 90 51 6A 00 E8 2E 04 00 00 8B 0C 24 89 01 89 ..Qj........$... 51 04 F6 41 10 01 75 27 8B 15 64 19 5D F8 F7 C2 Q..A..u'..d.]... 00 00 01 00 75 C8 83 C2 04 EC 83 EA 04 ED 6A 00 ....u.........j. E8 03 04 00 00 59 89 41 08 89 51 0C 33 C0 C3 8B .....Y.A..Q.3... 15 60 1C 5D F8 66 8B 41 10 66 C7 41 10 00 00 66 .`.].f.A.f.A...f EF 8B 15 64 1C 5D F8 0B D2 74 BD 66 8B 41 12 66 ...d.]...t.f.A.f EF EB B5 8D 49 00 66 BA F8 0C B8 54 00 00 80 EF ....I.f....T.... |
| 35 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 00 00 00 5F 8A 10 02 08 C0 7A 00 01......_.....z. 54 8E 54 80 FF FF FF FF 80 00 00 00 50 7D 33 02 T.T.........P}3. 50 00 EE 00 30 31 00 00 28 D8 B2 00 12 00 00 00 P...01..(....... 8C 00 00 00 00 00 00 00 ........ |
| 35 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 00 00 00 00 00 00 00 08 C0 7A 00 01............z. 54 8E 54 80 FF FF FF FF 80 00 00 00 80 00 00 00 T.T............. 50 00 EE 00 30 31 00 00 28 D8 B2 00 12 00 00 00 P...01..(....... 8C 00 00 00 00 00 00 00 ........ Buf2: Size = 128 (0x80); Api# = DbgKdReadVirtualMemoryApi C0 0C 54 80 00 00 00 00 0E 00 00 00 00 00 00 00 ..T............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ |
| 36 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 00 00 00 5F 8A 10 02 08 C0 7A 00 01......_.....z. 50 8E 54 80 FF FF FF FF 04 00 00 00 50 7D 33 02 P.T.........P}3. 50 00 EE 00 30 31 00 00 28 D8 B2 00 03 00 00 00 P...01..(....... 8C 00 00 00 00 00 00 00 ........ |
| 36 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 00 00 00 00 00 00 00 08 C0 7A 00 01............z. 50 8E 54 80 FF FF FF FF 04 00 00 00 04 00 00 00 P.T............. 50 00 EE 00 30 31 00 00 28 D8 B2 00 03 00 00 00 P...01..(....... 8C 00 00 00 00 00 00 00 ........ Buf2: Size = 4 (0x4); Api# = DbgKdReadVirtualMemoryApi 80 F9 DF FF .... |
| 37 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 02 00 00 00 00 26 38 01 BD 5D 10 02 01.......&8..].. B0 0C 54 80 FF FF FF FF 80 00 00 00 00 00 00 00 ..T............. B8 A0 7A 00 3E 17 00 00 BD 5D 10 02 12 00 00 00 ..z.>....]...... E0 84 EE 00 00 00 00 00 ........ |
| 37 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 02 00 00 00 00 00 00 00 BD 5D 10 02 01...........].. B0 0C 54 80 FF FF FF FF 80 00 00 00 80 00 00 00 ..T............. B8 A0 7A 00 3E 17 00 00 BD 5D 10 02 12 00 00 00 ..z.>....]...... E0 84 EE 00 00 00 00 00 ........ Buf2: Size = 128 (0x80); Api# = DbgKdReadVirtualMemoryApi 8D AB 80 09 00 00 EB 08 8D 8B 50 0C 00 00 FF 11 ..........P..... FB 90 90 FA 3B 6D 00 74 0D B1 02 FF 15 A8 76 4D ....;m.t......vM 80 E8 41 00 00 00 83 BB 28 01 00 00 00 74 D9 FB ..A.....(....t.. 8B B3 28 01 00 00 8B BB 24 01 00 00 83 C9 01 89 ..(.....$....... B3 24 01 00 00 26 C6 46 2D 02 C7 83 28 01 00 00 .$...&.F-...(... 00 00 00 00 68 0F 0D 54 80 9C E9 A9 FD FF FF 8D ....h..T........ AB 80 09 00 00 EB A9 6A 00 83 EC 0C 83 3D 0C A0 .......j.....=.. 55 80 00 75 62 89 25 94 F9 DF FF 8B 55 00 8B 0A U..ub.%.....U... |
| 38 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 F0 FF FF FF FF FF FF E8 D4 B2 00 01.............. D4 8E 54 80 FF FF FF FF 84 00 00 00 23 00 00 00 ..T.........#... 00 00 00 00 00 00 00 00 B8 A0 7A 00 F4 D4 00 00 ..........z..... C8 00 00 00 00 00 00 00 ........ |
| 38 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 F0 FF FF 00 00 00 00 E8 D4 B2 00 01.............. D4 8E 54 80 FF FF FF FF 84 00 00 00 84 00 00 00 ..T............. 00 00 00 00 00 00 00 00 B8 A0 7A 00 F4 D4 00 00 ..........z..... C8 00 00 00 00 00 00 00 ........ Buf2: Size = 132 (0x84); Api# = DbgKdReadVirtualMemoryApi FF FF FF FF 00 02 00 00 8C 0F 54 80 00 00 00 00 ..........T..... 00 00 00 00 00 00 00 00 00 00 00 00 7F 02 00 00 ............... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 80 1F 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 .... |
| 39 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 88 9A 00 02 88 D4 B2 00 00 00 00 00 01.............. 84 0F 54 80 FF FF FF FF 7C 00 00 00 88 9A 00 02 ..T.....|....... A8 20 35 02 84 00 00 00 00 00 00 00 12 00 00 00 . 5............. 08 C0 7A 00 00 00 00 00 ..z..... |
| 39 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 88 9A 00 02 00 00 00 00 00 00 00 00 01.............. 84 0F 54 80 FF FF FF FF 7C 00 00 00 7C 00 00 00 ..T.....|...|... A8 20 35 02 84 00 00 00 00 00 00 00 12 00 00 00 . 5............. 08 C0 7A 00 00 00 00 00 ..z..... Buf2: Size = 124 (0x7C); Api# = DbgKdReadVirtualMemoryApi CC CC CC CC CC CC CC CC 33 DB 33 F6 33 FF 33 ED ........3.3.3.3. B9 01 00 00 00 FF 15 1C 77 4D 80 58 FF D0 59 0B ........wM.X..Y. C9 74 07 8B EC E9 12 BA FF FF 6A 0E E8 37 79 FB .t........j..7y. FF CC CC CC CC CC CC CC 53 55 33 DB 8B E9 8B 55 ........SU3....U 04 8B 45 00 0B C0 74 0B 8B CA 66 8B CB 0F C7 4D ..E...t...f....M 00 75 F1 5D 5B C3 8B FF 53 55 8B E9 8B 55 04 8B .u.][...SU...U.. 45 00 0B C0 74 0B 8D 4A FF 8B 18 0F C7 4D 00 75 E...t..J.....M.u F1 5D 5B C3 8F 04 24 90 53 55 8B E9 .][...$.SU.. |
| 40 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 88 9A 00 02 88 D4 B2 00 00 00 00 00 01.............. 00 10 54 80 FF FF FF FF 04 00 00 00 88 9A 00 02 ..T............. A8 20 35 02 84 00 00 00 00 00 00 00 12 00 00 00 . 5............. 08 C0 7A 00 00 00 00 00 ..z..... |
| 40 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 88 9A 00 02 00 00 00 00 00 00 00 00 01.............. 00 10 54 80 FF FF FF FF 04 00 00 00 04 00 00 00 ..T............. A8 20 35 02 84 00 00 00 00 00 00 00 12 00 00 00 . 5............. 08 C0 7A 00 00 00 00 00 ..z..... Buf2: Size = 4 (0x4); Api# = DbgKdReadVirtualMemoryApi 8B DA 8B 55 ...U |
| 41 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 00 00 00 01 00 00 00 04 00 00 00 01.............. 08 F0 03 80 FF FF FF FF 18 00 00 00 22 13 13 01 ............"... B0 29 EF 00 70 E9 B2 00 67 CF 0B 03 05 00 00 00 .)..p...g....... 22 13 13 01 00 00 00 00 "....... |
| 41 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 00 00 00 00 00 00 00 00 04 00 00 00 01.............. 08 F0 03 80 FF FF FF FF 18 00 00 00 18 00 00 00 ................ B0 29 EF 00 70 E9 B2 00 67 CF 0B 03 05 00 00 00 .)..p...g....... 22 13 13 01 00 00 00 00 "....... Buf2: Size = 24 (0x18); Api# = DbgKdReadVirtualMemoryApi FF FF 00 00 00 9B CF 00 FF FF 00 00 00 93 CF 00 ................ FF FF 00 00 00 FB CF 00 ........ |
| 42 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 F0 F0 F0 F0 68 35 7D 00 00 00 00 00 01......h5}..... 33 01 54 80 FF FF FF FF 4A 00 00 00 70 E8 B2 00 3.T.....J...p... 40 D9 0A 03 48 47 EF 00 00 00 00 00 0C 00 00 00 @...HG.......... DF 5D 3E 77 00 00 00 00 .]>w.... |
| 42 | +0:01:11.0390 | 2 KD_STATE_MANIPULATE |
Buf1: Size = 56 (0x38); Api# = DbgKdReadVirtualMemoryApi 30 31 00 00 F0 F0 F0 F0 00 00 00 00 00 00 00 00 01.............. 33 01 54 80 FF FF FF FF 4A 00 00 00 4A 00 00 00 3.T.....J...J... 40 D9 0A 03 48 47 EF 00 00 00 00 00 0C 00 00 00 @...HG.......... DF 5D 3E 77 00 00 00 00 .]>w.... Buf2: Size = 74 (0x4A); Api# = DbgKdReadVirtualMemoryApi 00 BB 00 00 DF FF 8B 4B 14 8B 53 18 03 0D B0 9F .......K..S..... 54 80 83 D2 00 89 53 1C 89 4B 14 89 53 18 8B D8 T.....S..K..S... 8B C8 8B 15 A4 9F 54 80 83 C1 01 83 D2 00 89 15 ......T......... A8 9F 54 80 89 0D A0 9F 54 80 89 15 A4 9F 54 80 ..T.....T.....T. 50 A1 00 00 DF FF 83 C0 01 73 P........s |