_xeroxz
/
BELog
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
BELog/DumpLog/GoodEye_Import_Address.LOG

367 lines
28 KiB
Raw Permalink Blame History

00000001 6:10:42 AM [GoodEye]Installed ImageNotifyRoutine... 0xFFFFF8007ADF1260
00000002 6:10:50 AM [GoodEye]> ============= Driver \Device\HarddiskVolume2\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys ================
00000003 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: _stricmp is 0xFFFFF8007BF9E700
00000004 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: _strnicmp is 0xFFFFF8007BF9E7B0
00000005 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: wcsncmp is 0xFFFFF8007BFA0C00
00000006 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: _wcsnicmp is 0xFFFFF8007BF9EDF0
00000007 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: wcsncat is 0xFFFFF8007BFA0BB0
00000008 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: wcsstr is 0xFFFFF8007BFA0D50
00000009 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: _wcsicmp is 0xFFFFF8007BF9ECB0
00000010 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: _wcslwr is 0xFFFFF8007BF9ED10
00000011 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: RtlInitAnsiString is 0xFFFFF8007BED57A0
00000012 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: RtlInitUnicodeString is 0xFFFFF8007BEA6560
00000013 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: RtlAnsiStringToUnicodeString is 0xFFFFF8007C4DCB50
00000014 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: RtlUnicodeStringToAnsiString is 0xFFFFF8007C41FFC0
00000015 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: RtlFreeUnicodeString is 0xFFFFF8007C424760
00000016 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: RtlFreeAnsiString is 0xFFFFF8007C424760
00000017 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: RtlGetVersion is 0xFFFFF8007C4ACD40
00000018 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: KeInitializeEvent is 0xFFFFF8007BE98F10
00000019 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: KeSetEvent is 0xFFFFF8007BEB03C0
00000020 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: KeInitializeMutex is 0xFFFFF8007BE06450
00000021 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: KeReleaseMutex is 0xFFFFF8007BEB4690
00000022 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: KeWaitForSingleObject is 0xFFFFF8007BEA2A60
00000023 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ExAllocatePoolWithTag is 0xFFFFF8007C16F010
00000024 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ExAllocatePool is 0xFFFFF8007BF25F40
00000025 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ExFreePoolWithTag is 0xFFFFF8007C16F0A0
00000026 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ProbeForRead is 0xFFFFF8007C4922D0
00000027 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ProbeForWrite is 0xFFFFF8007C405C30
00000028 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsCreateSystemThread is 0xFFFFF8007C3B7E00
00000029 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsTerminateSystemThread is 0xFFFFF8007C48DDA0
00000030 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: IofCompleteRequest is 0xFFFFF8007BEAF560
00000031 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: IoCreateDevice is 0xFFFFF8007C474B50
00000032 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: IoCreateSymbolicLink is 0xFFFFF8007C51AD00
00000033 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: IoDeleteDevice is 0xFFFFF8007BEE0F20
00000034 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: IoDeleteSymbolicLink is 0xFFFFF8007C53A2E0
00000035 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: IoGetCurrentProcess is 0xFFFFF8007BE92220
00000036 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: IoGetTopLevelIrp is 0xFFFFF8007BE95540
00000037 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ObReferenceObjectByHandle is 0xFFFFF8007C40F8B0
00000038 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ObfReferenceObject is 0xFFFFF8007BEA1030
00000039 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ObfDereferenceObject is 0xFFFFF8007BEA0F60
00000040 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ObRegisterCallbacks is 0xFFFFF8007C580FF0
00000041 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ObUnRegisterCallbacks is 0xFFFFF8007C6A0F00
00000042 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ObGetFilterVersion is 0xFFFFF8007C6A0EF0
00000043 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwOpenFile is 0xFFFFF8007BFBEFB0
00000044 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwQueryInformationFile is 0xFFFFF8007BFBEB70
00000045 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwReadFile is 0xFFFFF8007BFBEA10
00000046 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwClose is 0xFFFFF8007BFBEB30
00000047 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: MmIsAddressValid is 0xFFFFF8007C0C57D0
00000048 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsSetCreateProcessNotifyRoutineEx is 0xFFFFF8007C5533D0
00000049 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsSetCreateThreadNotifyRoutine is 0xFFFFF8007C5533F0
00000050 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsRemoveCreateThreadNotifyRoutine is 0xFFFFF8007C6CCC70
00000051 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsSetLoadImageNotifyRoutine is 0xFFFFF8007C553410
00000052 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsRemoveLoadImageNotifyRoutine is 0xFFFFF8007C6CCD60
00000053 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsGetCurrentProcessId is 0xFFFFF8007BEE0F00
00000054 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsGetCurrentThreadId is 0xFFFFF8007BF06380
00000055 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsGetProcessId is 0xFFFFF8007BE927A0
00000056 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsGetThreadId is 0xFFFFF8007BF0BEC0
00000057 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsGetThreadProcessId is 0xFFFFF8007BF11A70
00000058 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwDeviceIoControlFile is 0xFFFFF8007BFBEA30
00000059 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: RtlRandomEx is 0xFFFFF8007BED44A0
00000060 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsLookupProcessByProcessId is 0xFFFFF8007C3F0630
00000061 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsLookupThreadByThreadId is 0xFFFFF8007C3F08C0
00000062 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsGetThreadProcess is 0xFFFFF8007BE1B010
00000063 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: IoQueryFileDosDeviceName is 0xFFFFF8007C4C7BE0
00000064 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ObOpenObjectByPointer is 0xFFFFF8007C3FF420
00000065 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ObQueryNameString is 0xFFFFF8007C4C7BC0
00000066 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwOpenDirectoryObject is 0xFFFFF8007BFBF450
00000067 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsGetProcessImageFileName is 0xFFFFF8007BF16680
00000068 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsGetProcessInheritedFromUniqueProcessId is 0xFFFFF8007BE19E30
00000069 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwQueryInformationThread is 0xFFFFF8007BFBEDF0
00000070 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwQuerySystemInformation is 0xFFFFF8007BFBF010
00000071 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsAcquireProcessExitSynchronization is 0xFFFFF8007C4D8DC0
00000072 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsReleaseProcessExitSynchronization is 0xFFFFF8007C49FF60
00000073 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ExfUnblockPushLock is 0xFFFFF8007BFBE570
00000074 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ExEnumHandleTable is 0xFFFFF8007C488ED0
00000075 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwQueryDirectoryObject is 0xFFFFF8007BFC10F0
00000076 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ObOpenObjectByName is 0xFFFFF8007C4133E0
00000077 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: CmUnRegisterCallback is 0xFFFFF8007C627D50
00000078 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: MmProbeAndLockPages is 0xFFFFF8007BEBCA90
00000079 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: MmUnlockPages is 0xFFFFF8007BEB3030
00000080 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: IoAllocateMdl is 0xFFFFF8007BE99330
00000081 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: IoFreeMdl is 0xFFFFF8007BEEFB20
00000082 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ObReferenceObjectByName is 0xFFFFF8007C3F44A0
00000083 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwOpenSection is 0xFFFFF8007BFBF030
00000084 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: KeStackAttachProcess is 0xFFFFF8007BE920E0
00000085 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: KeUnstackDetachProcess is 0xFFFFF8007BE9D3B0
00000086 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsGetProcessPeb is 0xFFFFF8007BF138F0
00000087 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsGetProcessWow64Process is 0xFFFFF8007BEF8FD0
00000088 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: RtlWalkFrameChain is 0xFFFFF8007BE09DC0
00000089 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: KeInitializeApc is 0xFFFFF8007BEC7A50
00000090 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: KeInsertQueueApc is 0xFFFFF8007BEC5F50
00000091 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwTerminateProcess is 0xFFFFF8007BFBEED0
00000092 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: MmUnmapViewOfSection is 0xFFFFF8007C3CE0D0
00000093 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsSuspendProcess is 0xFFFFF8007C6CD140
00000094 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsResumeProcess is 0xFFFFF8007C4A00D0
00000095 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwCreateSection is 0xFFFFF8007BFBF290
00000096 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwMapViewOfSection is 0xFFFFF8007BFBEE50
00000097 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwUnmapViewOfSection is 0xFFFFF8007BFBEE90
00000098 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: IoThreadToProcess is 0xFFFFF8007BE1B010
00000099 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwAllocateVirtualMemory is 0xFFFFF8007BFBEC50
00000100 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwFreeVirtualMemory is 0xFFFFF8007BFBED10
00000101 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsGetContextThread is 0xFFFFF8007C6CBF30
00000102 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: MmCopyVirtualMemory is 0xFFFFF8007C419850
00000103 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwOpenThread is 0xFFFFF8007BFC0E70
00000104 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: MmMapIoSpace is 0xFFFFF8007BF051E0
00000105 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: MmUnmapIoSpace is 0xFFFFF8007BF03BE0
00000106 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: MmGetPhysicalAddress is 0xFFFFF8007BF10580
00000107 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: KeDelayExecutionThread is 0xFFFFF8007BE9DE80
00000108 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: RtlCompareUnicodeString is 0xFFFFF8007C41FE90
00000109 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsGetProcessSessionId is 0xFFFFF8007BED04D0
00000110 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: MmCopyMemory is 0xFFFFF8007BF2A060
00000111 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ZwTraceControl is 0xFFFFF8007BFC20F0
00000112 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: RtlImageNtHeader is 0xFFFFF8007BE88E20
00000113 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: IoFileObjectType is 0xFFFFF8007C3743C8
00000114 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsProcessType is 0xFFFFF8007C374390
00000115 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsThreadType is 0xFFFFF8007C3743B8
00000116 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: PsInitialSystemProcess is 0xFFFFF8007C3743A0
00000117 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: IoDriverObjectType is 0xFFFFF8007C374518
00000118 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: NtBuildNumber is 0xFFFFF8007C196238
00000127 6:10:50 AM [GoodEye]MmGetSystemRoutineAddress: ObGetObjectType is 0xFFFFF8007C3DE960
00000128 6:10:54 AM [GoodEye]MmGetSystemRoutineAddress: MmIsAddressValid is 0xFFFFF8007C0C57D0
00000129 6:10:54 AM [GoodEye]MmGetSystemRoutineAddress: ZwQuerySystemInformation is 0xFFFFF8007BFBF010
00000130 6:10:54 AM [GoodEye]MmGetSystemRoutineAddress: NtQuerySystemInformation is 0xFFFFF8007C3FFDE0
00000131 6:10:54 AM [GoodEye]MmGetSystemRoutineAddress: ZwClose is 0xFFFFF8007BFBEB30
00000132 6:10:54 AM [GoodEye]MmGetSystemRoutineAddress: ZwClose is 0xFFFFF8007BFBEB30
00000133 6:10:54 AM [GoodEye]MmGetSystemRoutineAddress: ZwClose is 0xFFFFF8007BFBEB30
00000134 6:10:54 AM [GoodEye]MmGetSystemRoutineAddress: ZwClose is 0xFFFFF8007BFBEB30
//
// file system imports
//
[GoodEye]FltGetRoutineAddress: FltRegisterFilter, 0xFFFFF8007FB5B590
[GoodEye]FltGetRoutineAddress: FltUnregisterFilter, 0xFFFFF8007FB5D0E0
[GoodEye]FltGetRoutineAddress: FltStartFiltering, 0xFFFFF8007FB5CE00
[GoodEye]FltGetRoutineAddress: FltGetFileNameInformation, 0xFFFFF8007FB18190
[GoodEye]FltGetRoutineAddress: FltReleaseFileNameInformation, 0xFFFFF8007FB4EC80
[GoodEye]FltGetRoutineAddress: FltReadFile, 0xFFFFF8007FB28100
[GoodEye]FltGetRoutineAddress: FltQueryInformationFile, 0xFFFFF8007FB4C3B0
[GoodEye]FltGetRoutineAddress: FltGetRequestorProcess, 0xFFFFF8007FB1C0E0
//
// loaded drivers at the time of dump (windows 10 2004)
//
win32k.sys, 0xffff84384c090000, 560 kB, Full/Desktop Multi-User Win32 Driver
win32kfull.sys, 0xffff84384c2c0000, 3.63 MB, Full/Desktop Win32k Kernel Driver
win32kbase.sys, 0xffff84384ca50000, 2.65 MB, Base Win32k Kernel Driver
cdd.dll, 0xffff84384cd00000, 288 kB, Canonical Display Driver
peauth.sys, 0xfffff8007a600000, 856 kB, Protected Environment Authentication and Authorization Export Driver
srv2.sys, 0xfffff8007a6e0000, 788 kB, Smb 2.0 Server driver
tcpipreg.sys, 0xfffff8007a7b0000, 80 kB, TCP/IP Registry Compatibility Driver
tdevmonc.sys, 0xfffff8007a7d0000, 56 kB, Tibbo Device Monitor core driver
rassstp.sys, 0xfffff8007a7e0000, 116 kB, RAS SSTP Miniport Call Manager
NDProxy.sys, 0xfffff8007a800000, 260 kB, NDIS Proxy
AgileVpn.sys, 0xfffff8007a850000, 156 kB, RAS Agile Vpn Miniport Call Manager
rasl2tp.sys, 0xfffff8007a880000, 136 kB, RAS L2TP mini-port/call-manager driver
raspptp.sys, 0xfffff8007a8b0000, 128 kB, Peer-to-Peer Tunneling Protocol
raspppoe.sys, 0xfffff8007a8e0000, 112 kB, RAS PPPoE mini-port/call-manager driver
ndistapi.sys, 0xfffff8007a900000, 60 kB, NDIS 3.0 connection wrapper driver
ndiswan.sys, 0xfffff8007a910000, 232 kB, MS PPP Framing Driver (Strong Encryption)
condrv.sys, 0xfffff8007a950000, 76 kB, Console Driver
p9rdr.sys, 0xfffff8007a970000, 104 kB, Plan 9 redirector
bindflt.sys, 0xfffff8007a990000, 132 kB, Windows Bind Filter Driver
asyncmac.sys, 0xfffff8007ab20000, 56 kB, MS Remote Access serial network driver
ssudbus.sys, 0xfffff8007ab30000, 128 kB, SAMSUNG USB Composite Device Driver
WinUsb.sys, 0xfffff8007ab60000, 128 kB, Windows WinUSB Class Driver
WUDFRd.sys, 0xfffff8007ab90000, 320 kB, Windows Driver Foundation - User-mode Driver Framework Reflector
WpdUpFltr.sys, 0xfffff8007abf0000, 56 kB, Windows Portable Device Upper Class Filter Driver
VMMR0.r0, 0xfffff8007ac00000, 1.59 MB, VirtualBox VMM - ring-0 context parts
VBoxDDR0.r0, 0xfffff8007ada0000, 200 kB, VirtualBox VMM Devices and Drivers, ring-0
Dbgv.sys, 0xfffff8007ade0000, 36 kB, Windows Debug Monitor
GoodEye.sys, 0xfffff8007adf0000, 28 kB,
HTTP.sys, 0xfffff8007af20000, 1.27 MB, HTTP Protocol Stack
mpsdrv.sys, 0xfffff8007b070000, 104 kB, Microsoft Protection Service Driver
vwifimp.sys, 0xfffff8007b090000, 76 kB, Virtual WiFi Miniport Driver
IntelHaxm.sys, 0xfffff8007b0b0000, 188 kB, HAXM_Driver
srvnet.sys, 0xfffff8007b0e0000, 332 kB, Server Network driver
Ndu.sys, 0xfffff8007b140000, 156 kB, Windows Network Data Usage Monitoring Driver
npf.sys, 0xfffff8007b170000, 48 kB, npf.sys (NT5/6 AMD64) Kernel Driver
hal.dll, 0xfffff8007bd5c000, 656 kB, Hardware Abstraction Layer DLL
ntoskrnl.exe, 0xfffff8007be00000, 10.71 MB, NT Kernel & System
kprocesshacker.sys, 0xfffff8007e420000, 44 kB, KProcessHacker
kd.dll, 0xfffff8007f600000, 44 kB, Local Kernel Debugger
mcupdate_GenuineIntel.dll, 0xfffff8007f610000, 2.3 MB, Intel Microcode Update Library
werkernel.sys, 0xfffff8007f860000, 68 kB, Windows Error Reporting Kernel Driver
ksecdd.sys, 0xfffff8007f880000, 168 kB, Kernel Security Support Provider Interface
msrpc.sys, 0xfffff8007f8b0000, 384 kB, Kernel Remote Procedure Call Provider
tm.sys, 0xfffff8007f920000, 156 kB, Kernel Transaction Manager Driver
CLFS.SYS, 0xfffff8007f950000, 416 kB, Common Log File System Driver
PSHED.dll, 0xfffff8007f9c0000, 104 kB, Platform Specific Hardware Error Driver
BOOTVID.dll, 0xfffff8007f9e0000, 44 kB, VGA Boot Driver
cmimcext.sys, 0xfffff8007f9f0000, 56 kB, Kernel Configuration Manager Initial Configuration Extension Host Export Driver
clipsp.sys, 0xfffff8007fa00000, 1.02 MB, CLIP Service
FLTMGR.SYS, 0xfffff8007fb10000, 452 kB, Microsoft Filesystem Filter Manager
ntosext.sys, 0xfffff8007fb90000, 48 kB, NTOS extension host driver
CI.dll, 0xfffff8007fba0000, 884 kB, Code Integrity Module
cng.sys, 0xfffff8007fc80000, 752 kB, Kernel Cryptography, Next Generation
Wdf01000.sys, 0xfffff8007fd40000, 852 kB, Kernel Mode Driver Framework Runtime
WDFLDR.SYS, 0xfffff8007fe20000, 76 kB, Kernel Mode Driver Framework Loader
SleepStudyHelper.sys, 0xfffff8007fe40000, 60 kB, Sleep Study Helper
WppRecorder.sys, 0xfffff8007fe50000, 64 kB, WPP Trace Recorder
acpiex.sys, 0xfffff8007fe70000, 148 kB, ACPIEx Driver
mssecflt.sys, 0xfffff8007fea0000, 264 kB, Microsoft Security Events Component file system filter driver
SgrmAgent.sys, 0xfffff8007fef0000, 104 kB, System Guard Runtime Monitor Agent Driver
lxss.sys, 0xfffff8007ff10000, 40 kB, LXSS
LXCORE.SYS, 0xfffff8007ff20000, 1.09 MB, LX Core
ACPI.sys, 0xfffff80080040000, 816 kB, ACPI Driver for NT
WMILIB.SYS, 0xfffff80080110000, 48 kB, WMILIB WMI support library Dll
msisadrv.sys, 0xfffff80080120000, 44 kB, ISA Driver
pci.sys, 0xfffff80080130000, 444 kB, NT Plug and Play PCI Enumerator
tpm.sys, 0xfffff800801a0000, 256 kB, TPM Device Driver
WindowsTrustedRTProxy.sys, 0xfffff800801f0000, 44 kB, Windows Trusted Runtime Service Proxy Driver
intelpep.sys, 0xfffff80080220000, 364 kB, Intel Power Engine Plugin
WindowsTrustedRT.sys, 0xfffff80080280000, 92 kB, Windows Trusted Runtime Interface Driver
pcw.sys, 0xfffff800802a0000, 84 kB, Performance Counters for Windows Driver
vdrvroot.sys, 0xfffff800802c0000, 76 kB, Virtual Drive Root Enumerator
pdc.sys, 0xfffff800802e0000, 204 kB, Power Dependency Coordinator Driver
CEA.sys, 0xfffff80080320000, 100 kB, Event Aggregation Kernel Mode Library
partmgr.sys, 0xfffff80080340000, 192 kB, Partition driver
spaceport.sys, 0xfffff80080380000, 660 kB, Storage Spaces Driver
volmgr.sys, 0xfffff80080430000, 104 kB, Volume Manager Driver
volmgrx.sys, 0xfffff80080450000, 396 kB, Volume Manager Extension Driver
mountmgr.sys, 0xfffff800804c0000, 124 kB, Mount Point Manager
iaStorA.sys, 0xfffff800804e0000, 5.46 MB, Intel(R) Rapid Storage Technology driver - x64
storport.sys, 0xfffff80080a60000, 648 kB, Microsoft Storage Port Driver
EhStorClass.sys, 0xfffff80080b10000, 108 kB, Enhanced Storage Class driver for IEEE 1667 devices
fileinfo.sys, 0xfffff80080b30000, 104 kB, FileInfo Filter Driver
pmdrvs.sys, 0xfffff80080b50000, 40 kB, Lenovo Power Management Driver
Fs_Rec.sys, 0xfffff80080b60000, 52 kB, File System Recognizer Driver
Wof.sys, 0xfffff80080b80000, 244 kB, Windows Overlay Filter
WdFilter.sys, 0xfffff80080bc0000, 336 kB, Microsoft antimalware file system filter driver
Ntfs.sys, 0xfffff80080c20000, 2.61 MB, NT File System Driver
ndis.sys, 0xfffff80080ec0000, 1.45 MB, Network Driver Interface Specification (NDIS)
NETIO.SYS, 0xfffff80081040000, 592 kB, Network I/O Subsystem
ksecpkg.sys, 0xfffff800810e0000, 200 kB, Kernel Security Support Provider Interface Packages
tcpip.sys, 0xfffff80081120000, 2.91 MB, TCP/IP Driver
fwpkclnt.sys, 0xfffff80081410000, 488 kB, FWP/IPsec Kernel-Mode API
wfplwfs.sys, 0xfffff80081490000, 192 kB, WFP NDIS 6.30 Lightweight Filter Driver
VmsProxy.sys, 0xfffff800814d0000, 64 kB, VMSWITCH Proxy Driver
vmbkmclr.sys, 0xfffff800814f0000, 128 kB, Hyper-V VMBus Root KMCL
VmsProxyHNic.sys, 0xfffff80081520000, 60 kB, VmSwitch NIC Proxy Driver
fvevol.sys, 0xfffff80081530000, 804 kB, BitLocker Drive Encryption Driver
volume.sys, 0xfffff80081600000, 44 kB, Volume driver
volsnap.sys, 0xfffff80081610000, 436 kB, Volume Shadow Copy driver
rdyboost.sys, 0xfffff80081680000, 312 kB, ReadyBoost Driver
mup.sys, 0xfffff800816d0000, 148 kB, Multiple UNC Provider Driver
iorate.sys, 0xfffff80081700000, 72 kB, I/O rate control Filter
IntelPcc.sys, 0xfffff80081720000, 88 kB, Intel Collaborative Processor Performance Control (CPPC) Driver
disk.sys, 0xfffff80081760000, 112 kB, PnP Disk Driver
CLASSPNP.SYS, 0xfffff80081780000, 428 kB, SCSI Class System Dll
VBoxDrv.sys, 0xfffff80c57020000, 1.07 MB, VirtualBox Support Driver
npsvctrig.sys, 0xfffff80c57140000, 52 kB, Named pipe service triggers
mssmbios.sys, 0xfffff80c57150000, 64 kB, System Management BIOS Driver
HWiNFO64A.SYS, 0xfffff80c57170000, 40 kB, HWiNFO AMD64 Kernel Driver
gpuenergydrv.sys, 0xfffff80c57180000, 40 kB, GPU Energy Kernel Driver
dfsc.sys, 0xfffff80c57190000, 176 kB, DFS Namespace Client Driver
umbus.sys, 0xfffff80c571c0000, 84 kB, User-Mode Bus Enumerator
bam.sys, 0xfffff80c571e0000, 88 kB, BAM Kernel Driver
ahcache.sys, 0xfffff80c57200000, 316 kB, Application Compatibility Cache
tap0901.sys, 0xfffff80c57250000, 48 kB, TAP-Windows Virtual Network Driver (NDIS 6.0)
VBoxNetAdp6.sys, 0xfffff80c57260000, 328 kB, VirtualBox NDIS 6.0 Host-Only Network Adapter Driver
tapprotonvpn.sys, 0xfffff80c572c0000, 48 kB, TAP-Windows Virtual Network Driver (NDIS 6.0)
Vid.sys, 0xfffff80c572d0000, 560 kB, Microsoft Hyper-V Virtualization Infrastructure Driver
winhvr.sys, 0xfffff80c57360000, 124 kB, Windows Hypervisor Root Interface Driver
CompositeBus.sys, 0xfffff80c57380000, 68 kB, Multi-Transport Composite Bus Enumerator
kdnic.sys, 0xfffff80c573a0000, 52 kB, Microsoft Kernel Debugger Network Miniport
crashdmp.sys, 0xfffff80c573e0000, 116 kB, Crash Dump Driver
dump_iaStorA.sys, 0xfffff80c57a00000, 5.46 MB,
cdrom.sys, 0xfffff80c57fc0000, 192 kB, SCSI CD-ROM Driver
filecrypt.sys, 0xfffff80c58000000, 84 kB, Windows sandboxing and encryption filter
tbs.sys, 0xfffff80c58020000, 56 kB, Export driver for kernel mode TPM API
Null.SYS, 0xfffff80c58030000, 40 kB, NULL Driver
Beep.SYS, 0xfffff80c58040000, 40 kB, BEEP Driver
dxgkrnl.sys, 0xfffff80c58050000, 3.44 MB, DirectX Graphics Kernel
watchdog.sys, 0xfffff80c583d0000, 88 kB, Watchdog Driver
BasicDisplay.sys, 0xfffff80c583f0000, 88 kB, Microsoft Basic Display Driver
BasicRender.sys, 0xfffff80c58410000, 68 kB, Microsoft Basic Render Driver
Npfs.SYS, 0xfffff80c58430000, 112 kB, NPFS Driver
Msfs.SYS, 0xfffff80c58450000, 68 kB, Mailslot driver
tdx.sys, 0xfffff80c58470000, 152 kB, TDI Translation Driver
TDI.SYS, 0xfffff80c584a0000, 64 kB, TDI Wrapper
netbt.sys, 0xfffff80c584c0000, 356 kB, MBT Transport driver
afunix.sys, 0xfffff80c58520000, 76 kB, AF_UNIX socket provider
afd.sys, 0xfffff80c58540000, 668 kB, Ancillary Function Driver for WinSock
npcap.sys, 0xfffff80c585f0000, 76 kB, npcap.sys (NT6 AMD64) Kernel Filter Driver
VBoxNetLwf.sys, 0xfffff80c58610000, 344 kB, VirtualBox NDIS 6.0 Lightweight Filter Driver
vwififlt.sys, 0xfffff80c58670000, 104 kB, Virtual WiFi Filter Driver
pacer.sys, 0xfffff80c58690000, 172 kB, QoS Packet Scheduler
netbios.sys, 0xfffff80c586c0000, 80 kB, NetBIOS interface driver
smi.sys, 0xfffff80c586e0000, 40 kB, SSO SMI Kernel Mode Driver
rdbss.sys, 0xfffff80c586f0000, 492 kB, Redirected Drive Buffering SubSystem Driver
nsiproxy.sys, 0xfffff80c58770000, 72 kB, NSI Proxy
csc.sys, 0xfffff80c58d10000, 592 kB, Windows Client Side Caching Driver
VBoxUSBMon.sys, 0xfffff80c58db0000, 220 kB, VirtualBox USB Monitor Driver
Tppwr64v.sys, 0xfffff80c58df0000, 36 kB, Power Manager
igdkmd64.sys, 0xfffff80c58e00000, 7.77 MB, Intel Graphics Kernel Mode Driver
USBXHCI.SYS, 0xfffff80c595d0000, 548 kB, USB XHCI Driver
TeeDriverW8x64.sys, 0xfffff80c59660000, 208 kB, Intel(R) Management Engine Interface
e1d68x64.sys, 0xfffff80c596a0000, 596 kB, Intel(R) Gigabit Adapter NDIS 6.x driver
usbehci.sys, 0xfffff80c59740000, 116 kB, EHCI eUSB Miniport Driver
USBPORT.SYS, 0xfffff80c59760000, 488 kB, USB 1.1 & 2.0 Port Driver
RtsPer.sys, 0xfffff80c597e0000, 880 kB, RTS PCIE READER Driver
nwifi.sys, 0xfffff80c598c0000, 712 kB, NativeWiFi Miniport Driver
CAD.sys, 0xfffff80c59a90000, 84 kB, Charge Arbiration Driver
intelppm.sys, 0xfffff80c59ab0000, 248 kB, Processor Device Driver
USBD.SYS, 0xfffff80c59c00000, 56 kB, Universal Serial Bus Driver
HIDPARSE.SYS, 0xfffff80c59c10000, 76 kB, Hid Parsing Library
kbdclass.sys, 0xfffff80c59c30000, 80 kB, Keyboard Class Driver
mouclass.sys, 0xfffff80c59c50000, 76 kB, Mouse Class Driver
CmBatt.sys, 0xfffff80c59c70000, 60 kB, Control Method Battery Driver
BATTC.SYS, 0xfffff80c59c80000, 64 kB, Battery Class Driver
ibmpmdrv.sys, 0xfffff80c59ca0000, 84 kB, Lenovo Power Management Driver
Smb_driver_Intel.sys, 0xfffff80c59cc0000, 60 kB, Synaptics SMBus Driver
wmiacpi.sys, 0xfffff80c59cd0000, 48 kB, Windows Management Interface for ACPI
NdisVirtualBus.sys, 0xfffff80c59ce0000, 52 kB, Microsoft Virtual Network Adapter Enumerator
swenum.sys, 0xfffff80c59cf0000, 48 kB, Plug and Play Software Device Enumerator
rdpbus.sys, 0xfffff80c59d00000, 56 kB, Microsoft RDP Bus Device driver
usbhub.sys, 0xfffff80c59d10000, 552 kB, Default Hub Driver for USB
ksthunk.sys, 0xfffff80c59e20000, 60 kB, Kernel Streaming WOW Thunk Service
UsbHub3.sys, 0xfffff80c59e30000, 640 kB, USB3 HUB Driver
vmswitch.sys, 0xfffff80c59ee0000, 2.35 MB, Microsoft® Network Virtualization Service Provider
Netwbw02.sys, 0xfffff80c5a170000, 3.55 MB, Intel® Wireless WiFi Link Driver
vwifibus.sys, 0xfffff80c5a500000, 56 kB, Virtual Wireless Bus Driver
i8042prt.sys, 0xfffff80c5a510000, 140 kB, i8042 Port Driver
SynTP.sys, 0xfffff80c5a540000, 716 kB, Synaptics Touchpad Win64 Driver
ks.sys, 0xfffff80c5b200000, 480 kB, Kernel CSA Library
ucx01000.sys, 0xfffff80c5b280000, 260 kB, USB Controller Extension
nvlddmkm.sys, 0xfffff80c5b2e0000, 20.21 MB, NVIDIA Windows Kernel Mode Driver, Version 425.91
HDAudBus.sys, 0xfffff80c5c720000, 136 kB, High Definition Audio Bus Driver
portcls.sys, 0xfffff80c5c750000, 412 kB, Port Class (Class Driver for Port/Miniport Devices)
drmk.sys, 0xfffff80c5c7c0000, 132 kB, Microsoft Trusted Audio Drivers
BTHUSB.sys, 0xfffff80c5c800000, 124 kB, Bluetooth Miniport Driver
bthport.sys, 0xfffff80c5c820000, 1.39 MB, Bluetooth Bus Driver
hidusb.sys, 0xfffff80c5c990000, 72 kB, USB Miniport Driver for Input Devices
HIDCLASS.SYS, 0xfffff80c5c9b0000, 236 kB, Hid Class Library
mouhid.sys, 0xfffff80c5c9f0000, 64 kB, HID Mouse Filter Driver
Microsoft.Bluetooth.Legacy.LEEnumerator.sys, 0xfffff80c5ca10000, 120 kB, Legacy Bluetooth LE Bus Enumerator
rfcomm.sys, 0xfffff80c5ca30000, 232 kB, Bluetooth RFCOMM Driver
BthEnum.sys, 0xfffff80c5ca70000, 136 kB, Bluetooth Bus Extender
bthpan.sys, 0xfffff80c5caa0000, 152 kB, Bluetooth Personal Area Networking
usbvideo.sys, 0xfffff80c5cae0000, 316 kB, USB Video Class Driver
tsusbhub.sys, 0xfffff80c5cb30000, 156 kB, Remote Desktop USB Hub
bowser.sys, 0xfffff80c5cb60000, 148 kB, NT Lan Manager Datagram Receiver Driver
winquic.sys, 0xfffff80c5cb90000, 224 kB, Windows QUIC Driver
mrxsmb.sys, 0xfffff80c5cbd0000, 572 kB, Windows NT SMB Minirdr
mrxsmb20.sys, 0xfffff80c5cc80000, 276 kB, Longhorn SMB 2.0 Redirector
lltdio.sys, 0xfffff80c5ccd0000, 96 kB, Link-Layer Topology Mapper I/O Driver
mslldp.sys, 0xfffff80c5ccf0000, 100 kB, Microsoft Link-Layer Discovery Protocol Driver
rspndr.sys, 0xfffff80c5cd10000, 108 kB, Link-Layer Topology Responder Driver for NDIS 6
wanarp.sys, 0xfffff80c5cd30000, 116 kB, MS Remote Access and Routing ARP Driver
ndisuio.sys, 0xfffff80c5cd50000, 96 kB, NDIS User mode I/O driver
dump_diskdump.sys, 0xfffff80c5cdf0000, 56 kB,
dump_dumpfve.sys, 0xfffff80c5ce20000, 116 kB,
dxgmms2.sys, 0xfffff80c5ce40000, 872 kB, DirectX Graphics MMS
monitor.sys, 0xfffff80c5cf20000, 96 kB, Monitor Driver
rdpvideominiport.sys, 0xfffff80c5cf40000, 52 kB, Microsoft RDP Video Miniport driver
wcifs.sys, 0xfffff80c5cf80000, 220 kB, Windows Container Isolation FS Filter Driver
cldflt.sys, 0xfffff80c5cfc0000, 476 kB, Cloud Files Mini Filter Driver
storqosflt.sys, 0xfffff80c5d040000, 104 kB, Storage QoS Filter
mmcss.sys, 0xfffff80c5d060000, 80 kB, MMCSS Driver
rdpdr.sys, 0xfffff80c5d080000, 188 kB, Microsoft RDP Device redirector
RTKVHD64.sys, 0xfffff80c5d0b0000, 6.77 MB, Realtek(r) High Definition Audio Function Driver
usbccgp.sys, 0xfffff80c5d780000, 204 kB, USB Common Class Generic Parent Driver
ibtusb.sys, 0xfffff80c5d7c0000, 236 kB, Intel(R) Wireless Bluetooth(R) Filter Driver
Reference in new issue View Git Blame Copy Permalink