Base Size Flags Idx RefC Image ----------------------------------------------- 77880000 00082000 00000000 005a 0001 \WINNT\system32\NTDLL.DLL 80062000 00014100 0c004000 0001 0001 \WINNT\System32\hal.dll 80400000 0019d5c0 0c004000 0000 0001 \WINNT\System32\ntoskrnl.exe a0000000 00191000 09104000 004b 0001 \??\C:\WINNT\system32\win32k.sys a0191000 00015000 09104000 004c 0001 \SystemRoot\System32\vmx_fb.dll be0de000 00016000 09104000 0059 0001 \SystemRoot\System32\Drivers\RDPWD.SYS be1e4000 00014000 09104000 0057 0001 \SystemRoot\System32\DRIVERS\ipsec.sys be36c000 00003000 09104000 0056 0001 \SystemRoot\System32\drivers\spud.sys be4c8000 00023000 09104000 0055 0001 \SystemRoot\System32\Drivers\Fastfat.SYS be603000 0003b000 09104000 0053 0001 \SystemRoot\System32\DRIVERS\srv.sys be706000 00018000 09104000 0052 0001 \SystemRoot\System32\DRIVERS\hgfs.sys be812000 00009000 09104000 0054 0003 \SystemRoot\System32\drivers\termdd.sys be86a000 00020000 09104000 004d 0001 \SystemRoot\System32\drivers\afd.sys be95a000 00009000 09104000 0051 0001 \SystemRoot\System32\Drivers\Fips.SYS bea1a000 00066000 09104000 0048 0001 \SystemRoot\System32\DRIVERS\mrxsmb.sys bea92000 0002a000 09104000 0047 0002 \SystemRoot\System32\DRIVERS\rdbss.sys beabc000 0002b000 09104000 0045 0001 \SystemRoot\System32\DRIVERS\netbt.sys beae7000 0004f000 09104000 0042 0003 \SystemRoot\System32\DRIVERS\tcpip.sys bfd7e000 0002b000 09104000 0036 0001 \SystemRoot\System32\DRIVERS\update.sys bfda9000 0001c000 09104000 0034 0001 \SystemRoot\System32\DRIVERS\ks.sys bfdd7000 00024000 09104000 0033 0001 \SystemRoot\System32\DRIVERS\rdpdr.sys bfdfb000 00017000 09104000 002d 0001 \SystemRoot\System32\DRIVERS\ndiswan.sys bfe6b000 00016000 09004000 001c 0001 Mup.sys bfe81000 0002a000 09004000 001b 000c NDIS.sys bfeab000 0007e000 09004000 001a 0002 Ntfs.sys bff29000 00012000 09004000 0019 0006 KSecDD.sys bff3b000 00013000 09004000 0018 0001 Dfs.sys bff4e000 00022000 09004000 0017 0001 fltmgr.sys bff70000 00013000 0d004000 0013 0003 \WINNT\System32\DRIVERS\SCSIPORT.SYS bff83000 00016000 09004000 0011 0001 atapi.sys bff99000 00022000 09004000 000e 0001 dmio.sys bffbb000 0001d000 09004000 000b 0001 ftdisk.sys bffd8000 00028000 09004000 0003 0001 ACPI.sys f2000000 0000f000 09004000 0005 0001 pci.sys f2010000 0000c000 09004000 0006 0001 isapnp.sys f2020000 0000a000 09004000 0012 0001 buslogic.sys f2030000 00009000 0d004000 0016 0002 \WINNT\System32\DRIVERS\CLASSPNP.SYS f2050000 0000c000 09104000 001e 0001 \SystemRoot\System32\DRIVERS\i8042prt.sys f2060000 00010000 09104000 0023 0001 \SystemRoot\System32\DRIVERS\serial.sys f2070000 0000e000 09104000 0027 0001 \SystemRoot\System32\DRIVERS\vmx_svga.sys f2080000 0000d000 09104000 0026 0003 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS f2090000 0000d000 09104000 002b 0001 \SystemRoot\System32\DRIVERS\rasl2tp.sys f20a0000 0000c000 09104000 002f 0001 \SystemRoot\System32\DRIVERS\raspptp.sys f20b0000 0000f000 09104000 0032 0001 \SystemRoot\System32\DRIVERS\parallel.sys f20d0000 0000a000 09104000 0038 0001 \SystemRoot\System32\Drivers\NDProxy.SYS f20e0000 00009000 09104000 0040 0001 \SystemRoot\System32\Drivers\Npfs.SYS f20f0000 00009000 09104000 0043 0001 \SystemRoot\System32\DRIVERS\msgpc.sys f2100000 00009000 09104000 0046 0001 \SystemRoot\System32\DRIVERS\netbios.sys f2280000 00006000 0d004000 000a 0002 \WINNT\System32\DRIVERS\PCIIDEX.SYS f2288000 00008000 09004000 0010 0001 MountMgr.sys f2290000 00008000 09004000 0015 0001 disk.sys f2298000 00006000 09004000 001d 0001 agp440.sys f22b0000 00007000 09104000 001f 0001 \SystemRoot\System32\DRIVERS\kbdclass.sys f22c0000 00006000 09104000 0021 0001 \SystemRoot\System32\DRIVERS\mouclass.sys f22d0000 00007000 09104000 0022 0001 \SystemRoot\System32\DRIVERS\parport.sys f22e8000 00007000 09104000 0025 0001 \SystemRoot\System32\DRIVERS\fdc.sys f22f0000 00005000 09104000 0058 0001 \SystemRoot\System32\Drivers\TDTCP.SYS f2308000 00007000 09104000 0028 0001 \SystemRoot\System32\DRIVERS\vmxnet.sys f2330000 00005000 09104000 0030 0002 \SystemRoot\System32\DRIVERS\ptilink.sys f2340000 00005000 09104000 0031 0001 \SystemRoot\System32\DRIVERS\raspti.sys f2358000 00005000 09104000 0037 0001 \SystemRoot\System32\DRIVERS\flpydisk.sys f2368000 00007000 09104000 0039 0001 \SystemRoot\System32\Drivers\EFS.SYS f2390000 00008000 09104000 004e 0001 \??\C:\WINNT\System32\Drivers\lgtosync.sys f2398000 00006000 09104000 003f 0001 \SystemRoot\System32\Drivers\Msfs.SYS f23b0000 00007000 09104000 0050 0001 \??\C:\Programme\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys f23b8000 00008000 09104000 0044 0001 \SystemRoot\System32\DRIVERS\wanarp.sys f2410000 00003000 09004000 0002 0002 \WINNT\System32\BOOTVID.dll f2414000 00003000 09004000 0007 0001 compbatt.sys f2418000 00003000 09004000 000f 0001 PartMgr.sys f241c000 00003000 09004000 0014 0001 vmscsi.sys f249c000 00004000 09104000 0024 0001 \SystemRoot\System32\DRIVERS\serenum.sys f24a0000 00004000 09104000 0049 0002 \SystemRoot\System32\Drivers\dump_diskdump.sys f24a4000 00003000 09104000 0029 0001 \SystemRoot\System32\DRIVERS\CmBatt.sys f24a8000 00003000 09104000 004a 0001 \SystemRoot\System32\Drivers\dump_vmscsi.sys f24ac000 00003000 09104000 002c 0002 \SystemRoot\System32\DRIVERS\ndistapi.sys f24bc000 00004000 09104000 002e 000a \SystemRoot\System32\DRIVERS\TDI.SYS f24f8000 00004000 09104000 003d 0001 \SystemRoot\System32\drivers\vga.sys f2500000 00002000 0d004000 0008 0003 \WINNT\System32\DRIVERS\BATTC.SYS f2502000 00002000 09004000 0009 0001 intelide.sys f2504000 00002000 09004000 000c 0001 Diskperf.sys f2506000 00002000 09004000 000d 0001 dmload.sys f2508000 00002000 09104000 0020 0001 \SystemRoot\System32\DRIVERS\vmmouse.sys f250e000 00002000 09104000 003a 0001 \SystemRoot\System32\Drivers\Fs_Rec.SYS f2516000 00002000 09104000 0041 0001 \SystemRoot\System32\DRIVERS\rasacd.sys f2568000 00002000 09104000 004f 0001 \SystemRoot\System32\Drivers\ParVdm.SYS f25c8000 00001000 0d004000 0004 000b \WINNT\System32\DRIVERS\WMILIB.SYS f25e3000 00001000 09104000 002a 0001 \SystemRoot\System32\DRIVERS\audstub.sys f25ee000 00001000 09104000 0035 0001 \SystemRoot\System32\DRIVERS\swenum.sys f25f9000 00001000 09104000 003b 0001 \SystemRoot\System32\Drivers\Null.SYS f25fb000 00001000 09104000 003c 0001 \SystemRoot\System32\Drivers\Beep.SYS f25fe000 00001000 09104000 003e 0001 \SystemRoot\System32\Drivers\mnmdd.SYS Loading symbols for C:\WINNT\system32\ntoskrnl.exe, please wait... Loading driver: c:\syscall32\MemMap32.sys MemMap initialized. Service tables: Table #0: 804721e8, 00f8 entries, params=804725cc, \WINNT\System32\ntoskrnl.exe 0000: NtAcceptConnectPort [6] (ntoskrnl.exe) 0001: NtAccessCheck [8] (ntoskrnl.exe) 0002: NtAccessCheckAndAuditAlarm [11] (ntoskrnl.exe) 0003: NtAccessCheckByType [11] (ntoskrnl.exe) 0004: NtAccessCheckByTypeAndAuditAlarm [16] (ntoskrnl.exe) 0005: NtAccessCheckByTypeResultList [11] (ntoskrnl.exe) 0006: NtAccessCheckByTypeResultListAndAuditAlarm [16] (ntoskrnl.exe) 0007: NtAccessCheckByTypeResultListAndAuditAlarmByHandle [17] (ntoskrnl.exe) 0008: NtAddAtom [3] (ntoskrnl.exe) 0009: NtAdjustGroupsToken [6] (ntoskrnl.exe) 000a: NtAdjustPrivilegesToken [6] (ntoskrnl.exe) 000b: NtAlertResumeThread [2] (ntoskrnl.exe) 000c: NtAlertThread [1] (ntoskrnl.exe) 000d: NtAllocateLocallyUniqueId [1] (ntoskrnl.exe) 000e: NtAllocateUserPhysicalPages [3] (ntoskrnl.exe) 000f: NtAllocateUuids [4] (ntoskrnl.exe) 0010: NtAllocateVirtualMemory [6] (ntoskrnl.exe) 0011: NtAreMappedFilesTheSame [2] (ntoskrnl.exe) 0012: NtAssignProcessToJobObject [2] (ntoskrnl.exe) 0013: NtCallbackReturn [3] (ntoskrnl.exe) 0014: NtCancelIoFile [2] (ntoskrnl.exe) 0015: NtCancelTimer [2] (ntoskrnl.exe) 0016: NtCancelDeviceWakeupRequest [1] (ntoskrnl.exe) 0017: NtClearEvent [1] (ntoskrnl.exe) 0018: NtClose [1] (ntoskrnl.exe) 0019: NtCloseObjectAuditAlarm [3] (ntoskrnl.exe) 001a: NtCompleteConnectPort [1] (ntoskrnl.exe) 001b: NtConnectPort [8] (ntoskrnl.exe) 001c: NtContinue [2] (ntoskrnl.exe) 001d: NtCreateDirectoryObject [3] (ntoskrnl.exe) 001e: NtCreateEvent [5] (ntoskrnl.exe) 001f: NtCreateEventPair [3] (ntoskrnl.exe) 0020: NtCreateFile [11] (ntoskrnl.exe) 0021: NtCreateIoCompletion [4] (ntoskrnl.exe) 0022: NtCreateJobObject [3] (ntoskrnl.exe) 0023: NtCreateKey [7] (ntoskrnl.exe) 0024: NtCreateMailslotFile [8] (ntoskrnl.exe) 0025: NtCreateMutant [4] (ntoskrnl.exe) 0026: NtCreateNamedPipeFile [14] (ntoskrnl.exe) 0027: NtCreatePagingFile [4] (ntoskrnl.exe) 0028: NtCreatePort [5] (ntoskrnl.exe) 0029: NtCreateProcess [8] (ntoskrnl.exe) 002a: NtCreateProfile [9] (ntoskrnl.exe) 002b: NtCreateSection [7] (ntoskrnl.exe) 002c: NtCreateSemaphore [5] (ntoskrnl.exe) 002d: NtCreateSymbolicLinkObject [4] (ntoskrnl.exe) 002e: NtCreateThread [8] (ntoskrnl.exe) 002f: NtCreateTimer [4] (ntoskrnl.exe) 0030: NtCreateToken [13] (ntoskrnl.exe) 0031: NtCreateWaitablePort [5] (ntoskrnl.exe) 0032: NtDelayExecution [2] (ntoskrnl.exe) 0033: NtDeleteAtom [1] (ntoskrnl.exe) 0034: NtDeleteFile [1] (ntoskrnl.exe) 0035: NtDeleteKey [1] (ntoskrnl.exe) 0036: NtDeleteObjectAuditAlarm [3] (ntoskrnl.exe) 0037: NtDeleteValueKey [2] (ntoskrnl.exe) 0038: NtDeviceIoControlFile [10] (ntoskrnl.exe) 0039: NtDisplayString [1] (ntoskrnl.exe) 003a: NtDuplicateObject [7] (ntoskrnl.exe) 003b: NtDuplicateToken [6] (ntoskrnl.exe) 003c: NtEnumerateKey [6] (ntoskrnl.exe) 003d: NtEnumerateValueKey [6] (ntoskrnl.exe) 003e: NtExtendSection [2] (ntoskrnl.exe) 003f: NtFilterToken [6] (ntoskrnl.exe) 0040: NtFindAtom [3] (ntoskrnl.exe) 0041: NtFlushBuffersFile [2] (ntoskrnl.exe) 0042: NtFlushInstructionCache [3] (ntoskrnl.exe) 0043: NtFlushKey [1] (ntoskrnl.exe) 0044: NtFlushVirtualMemory [4] (ntoskrnl.exe) 0045: NtFlushWriteBuffer [0] (ntoskrnl.exe) 0046: NtFreeUserPhysicalPages [3] (ntoskrnl.exe) 0047: NtFreeVirtualMemory [4] (ntoskrnl.exe) 0048: NtFsControlFile [10] (ntoskrnl.exe) 0049: NtGetContextThread [2] (ntoskrnl.exe) 004a: NtGetDevicePowerState [2] (ntoskrnl.exe) 004b: NtGetPlugPlayEvent [4] (ntoskrnl.exe) 004c: NtGetTickCount [0] (ntoskrnl.exe) 004d: NtGetWriteWatch [7] (ntoskrnl.exe) 004e: NtImpersonateAnonymousToken [1] (ntoskrnl.exe) 004f: NtImpersonateClientOfPort [2] (ntoskrnl.exe) 0050: NtImpersonateThread [3] (ntoskrnl.exe) 0051: NtInitializeRegistry [1] (ntoskrnl.exe) 0052: NtInitiatePowerAction [4] (ntoskrnl.exe) 0053: NtIsSystemResumeAutomatic [0] (ntoskrnl.exe) 0054: NtListenPort [2] (ntoskrnl.exe) 0055: NtLoadDriver [1] (ntoskrnl.exe) 0056: NtLoadKey [2] (ntoskrnl.exe) 0057: NtLoadKey2 [3] (ntoskrnl.exe) 0058: NtLockFile [10] (ntoskrnl.exe) 0059: NtLockVirtualMemory [4] (ntoskrnl.exe) 005a: NtMakeTemporaryObject [1] (ntoskrnl.exe) 005b: NtMapUserPhysicalPages [3] (ntoskrnl.exe) 005c: NtMapUserPhysicalPagesScatter [3] (ntoskrnl.exe) 005d: NtMapViewOfSection [10] (ntoskrnl.exe) 005e: NtNotifyChangeDirectoryFile [9] (ntoskrnl.exe) 005f: NtNotifyChangeKey [10] (ntoskrnl.exe) 0060: NtNotifyChangeMultipleKeys [12] (ntoskrnl.exe) 0061: NtOpenDirectoryObject [3] (ntoskrnl.exe) 0062: NtOpenEvent [3] (ntoskrnl.exe) 0063: NtOpenEventPair [3] (ntoskrnl.exe) 0064: NtOpenFile [6] (ntoskrnl.exe) 0065: NtOpenIoCompletion [3] (ntoskrnl.exe) 0066: NtOpenJobObject [3] (ntoskrnl.exe) 0067: NtOpenKey [3] (ntoskrnl.exe) 0068: NtOpenMutant [3] (ntoskrnl.exe) 0069: NtOpenObjectAuditAlarm [12] (ntoskrnl.exe) 006a: NtOpenProcess [4] (ntoskrnl.exe) 006b: NtOpenProcessToken [3] (ntoskrnl.exe) 006c: NtOpenSection [3] (ntoskrnl.exe) 006d: NtOpenSemaphore [3] (ntoskrnl.exe) 006e: NtOpenSymbolicLinkObject [3] (ntoskrnl.exe) 006f: NtOpenThread [4] (ntoskrnl.exe) 0070: NtOpenThreadToken [4] (ntoskrnl.exe) 0071: NtOpenTimer [3] (ntoskrnl.exe) 0072: NtPlugPlayControl [3] (ntoskrnl.exe) 0073: NtPowerInformation [5] (ntoskrnl.exe) 0074: NtPrivilegeCheck [3] (ntoskrnl.exe) 0075: NtPrivilegedServiceAuditAlarm [5] (ntoskrnl.exe) 0076: NtPrivilegeObjectAuditAlarm [6] (ntoskrnl.exe) 0077: NtProtectVirtualMemory [5] (ntoskrnl.exe) 0078: NtPulseEvent [2] (ntoskrnl.exe) 0079: NtQueryInformationAtom [5] (ntoskrnl.exe) 007a: NtQueryAttributesFile [2] (ntoskrnl.exe) 007b: NtQueryDefaultLocale [2] (ntoskrnl.exe) 007c: NtQueryDefaultUILanguage [1] (ntoskrnl.exe) 007d: NtQueryDirectoryFile [11] (ntoskrnl.exe) 007e: NtQueryDirectoryObject [7] (ntoskrnl.exe) 007f: NtQueryEaFile [9] (ntoskrnl.exe) 0080: NtQueryEvent [5] (ntoskrnl.exe) 0081: NtQueryFullAttributesFile [2] (ntoskrnl.exe) 0082: NtQueryInformationFile [5] (ntoskrnl.exe) 0083: NtQueryInformationJobObject [5] (ntoskrnl.exe) 0084: NtQueryIoCompletion [5] (ntoskrnl.exe) 0085: NtQueryInformationPort [5] (ntoskrnl.exe) 0086: NtQueryInformationProcess [5] (ntoskrnl.exe) 0087: NtQueryInformationThread [5] (ntoskrnl.exe) 0088: NtQueryInformationToken [5] (ntoskrnl.exe) 0089: NtQueryInstallUILanguage [1] (ntoskrnl.exe) 008a: NtQueryIntervalProfile [2] (ntoskrnl.exe) 008b: NtQueryKey [5] (ntoskrnl.exe) 008c: NtQueryMultipleValueKey [6] (ntoskrnl.exe) 008d: NtQueryMutant [5] (ntoskrnl.exe) 008e: NtQueryObject [5] (ntoskrnl.exe) 008f: NtQueryOpenSubKeys [2] (ntoskrnl.exe) 0090: NtQueryPerformanceCounter [2] (ntoskrnl.exe) 0091: NtQueryQuotaInformationFile [9] (ntoskrnl.exe) 0092: NtQuerySection [5] (ntoskrnl.exe) 0093: NtQuerySecurityObject [5] (ntoskrnl.exe) 0094: NtQuerySemaphore [5] (ntoskrnl.exe) 0095: NtQuerySymbolicLinkObject [3] (ntoskrnl.exe) 0096: NtQuerySystemEnvironmentValue [4] (ntoskrnl.exe) 0097: NtQuerySystemInformation [4] (ntoskrnl.exe) 0098: NtQuerySystemTime [1] (ntoskrnl.exe) 0099: NtQueryTimer [5] (ntoskrnl.exe) 009a: NtQueryTimerResolution [3] (ntoskrnl.exe) 009b: NtQueryValueKey [6] (ntoskrnl.exe) 009c: NtQueryVirtualMemory [6] (ntoskrnl.exe) 009d: NtQueryVolumeInformationFile [5] (ntoskrnl.exe) 009e: NtQueueApcThread [5] (ntoskrnl.exe) 009f: NtRaiseException [3] (ntoskrnl.exe) 00a0: NtRaiseHardError [6] (ntoskrnl.exe) 00a1: NtReadFile [9] (ntoskrnl.exe) 00a2: NtReadFileScatter [9] (ntoskrnl.exe) 00a3: NtReadRequestData [6] (ntoskrnl.exe) 00a4: NtReadVirtualMemory [5] (ntoskrnl.exe) 00a5: NtRegisterThreadTerminatePort [1] (ntoskrnl.exe) 00a6: NtReleaseMutant [2] (ntoskrnl.exe) 00a7: NtReleaseSemaphore [3] (ntoskrnl.exe) 00a8: NtRemoveIoCompletion [5] (ntoskrnl.exe) 00a9: NtReplaceKey [3] (ntoskrnl.exe) 00aa: NtReplyPort [2] (ntoskrnl.exe) 00ab: NtReplyWaitReceivePort [4] (ntoskrnl.exe) 00ac: NtReplyWaitReceivePortEx [5] (ntoskrnl.exe) 00ad: NtReplyWaitReplyPort [2] (ntoskrnl.exe) 00ae: NtRequestDeviceWakeup [1] (ntoskrnl.exe) 00af: NtRequestPort [2] (ntoskrnl.exe) 00b0: NtRequestWaitReplyPort [3] (ntoskrnl.exe) 00b1: NtRequestWakeupLatency [1] (ntoskrnl.exe) 00b2: NtResetEvent [2] (ntoskrnl.exe) 00b3: NtResetWriteWatch [3] (ntoskrnl.exe) 00b4: NtRestoreKey [3] (ntoskrnl.exe) 00b5: NtResumeThread [2] (ntoskrnl.exe) 00b6: NtSaveKey [2] (ntoskrnl.exe) 00b7: NtSaveMergedKeys [3] (ntoskrnl.exe) 00b8: NtSecureConnectPort [9] (ntoskrnl.exe) 00b9: NtSetIoCompletion [5] (ntoskrnl.exe) 00ba: NtSetContextThread [2] (ntoskrnl.exe) 00bb: NtSetDefaultHardErrorPort [1] (ntoskrnl.exe) 00bc: NtSetDefaultLocale [2] (ntoskrnl.exe) 00bd: NtSetDefaultUILanguage [1] (ntoskrnl.exe) 00be: NtSetEaFile [4] (ntoskrnl.exe) 00bf: NtSetEvent [2] (ntoskrnl.exe) 00c0: NtSetHighEventPair [1] (ntoskrnl.exe) 00c1: NtSetHighWaitLowEventPair [1] (ntoskrnl.exe) 00c2: NtSetInformationFile [5] (ntoskrnl.exe) 00c3: NtSetInformationJobObject [4] (ntoskrnl.exe) 00c4: NtSetInformationKey [4] (ntoskrnl.exe) 00c5: NtSetInformationObject [4] (ntoskrnl.exe) 00c6: NtSetInformationProcess [4] (ntoskrnl.exe) 00c7: NtSetInformationThread [4] (ntoskrnl.exe) 00c8: NtSetInformationToken [4] (ntoskrnl.exe) 00c9: NtSetIntervalProfile [2] (ntoskrnl.exe) 00ca: NtSetLdtEntries [6] (ntoskrnl.exe) 00cb: NtSetLowEventPair [1] (ntoskrnl.exe) 00cc: NtSetLowWaitHighEventPair [1] (ntoskrnl.exe) 00cd: NtSetQuotaInformationFile [4] (ntoskrnl.exe) 00ce: NtSetSecurityObject [3] (ntoskrnl.exe) 00cf: NtSetSystemEnvironmentValue [2] (ntoskrnl.exe) 00d0: NtSetSystemInformation [3] (ntoskrnl.exe) 00d1: NtSetSystemPowerState [3] (ntoskrnl.exe) 00d2: NtSetSystemTime [2] (ntoskrnl.exe) 00d3: NtSetThreadExecutionState [2] (ntoskrnl.exe) 00d4: NtSetTimer [7] (ntoskrnl.exe) 00d5: NtSetTimerResolution [3] (ntoskrnl.exe) 00d6: NtSetUuidSeed [1] (ntoskrnl.exe) 00d7: NtSetValueKey [6] (ntoskrnl.exe) 00d8: NtSetVolumeInformationFile [5] (ntoskrnl.exe) 00d9: NtShutdownSystem [1] (ntoskrnl.exe) 00da: NtSignalAndWaitForSingleObject [4] (ntoskrnl.exe) 00db: NtStartProfile [1] (ntoskrnl.exe) 00dc: NtStopProfile [1] (ntoskrnl.exe) 00dd: NtSuspendThread [2] (ntoskrnl.exe) 00de: NtSystemDebugControl [6] (ntoskrnl.exe) 00df: NtTerminateJobObject [2] (ntoskrnl.exe) 00e0: NtTerminateProcess [2] (ntoskrnl.exe) 00e1: NtTerminateThread [2] (ntoskrnl.exe) 00e2: NtTestAlert [0] (ntoskrnl.exe) 00e3: NtUnloadDriver [1] (ntoskrnl.exe) 00e4: NtUnloadKey [1] (ntoskrnl.exe) 00e5: NtUnlockFile [5] (ntoskrnl.exe) 00e6: NtUnlockVirtualMemory [4] (ntoskrnl.exe) 00e7: NtUnmapViewOfSection [2] (ntoskrnl.exe) 00e8: NtVdmControl [2] (ntoskrnl.exe) 00e9: NtWaitForMultipleObjects [5] (ntoskrnl.exe) 00ea: NtWaitForSingleObject [3] (ntoskrnl.exe) 00eb: NtWaitHighEventPair [1] (ntoskrnl.exe) 00ec: NtWaitLowEventPair [1] (ntoskrnl.exe) 00ed: NtWriteFile [9] (ntoskrnl.exe) 00ee: NtWriteFileGather [9] (ntoskrnl.exe) 00ef: NtWriteRequestData [6] (ntoskrnl.exe) 00f0: NtWriteVirtualMemory [5] (ntoskrnl.exe) 00f1: NtCreateChannel [2] (ntoskrnl.exe) 00f2: NtCreateChannel [2] (ntoskrnl.exe) 00f3: NtCreateChannel [2] (ntoskrnl.exe) 00f4: NtReplyWaitSendChannel [3] (ntoskrnl.exe) 00f5: MmMemoryUsage [4] (ntoskrnl.exe) 00f6: NtCancelDeviceWakeupRequest [1] (ntoskrnl.exe) 00f7: NtYieldExecution [0] (ntoskrnl.exe) Table #1: a016e6a0, 0280 entries, params=a016f328, \??\C:\WINNT\system32\win32k.sys 1000: NtGdiAbortDoc [1] (win32k.sys) 1001: NtGdiAbortPath [1] (win32k.sys) 1002: NtGdiAddFontResourceW [6] (win32k.sys) 1003: NtGdiAddRemoteFontToDC [4] (win32k.sys) 1004: NtGdiAddFontMemResourceEx [5] (win32k.sys) 1005: NtGdiRemoveMergeFont [2] (win32k.sys) 1006: NtGdiAddRemoteMMInstanceToDC [3] (win32k.sys) 1007: NtGdiAlphaBlend [12] (win32k.sys) 1008: NtGdiAngleArc [6] (win32k.sys) 1009: NtGdiAnyLinkedFonts [0] (win32k.sys) 100a: NtGdiFontIsLinked [1] (win32k.sys) 100b: NtGdiArcInternal [10] (win32k.sys) 100c: NtGdiBeginPath [1] (win32k.sys) 100d: NtGdiBitBlt [11] (win32k.sys) 100e: NtGdiCancelDC [1] (win32k.sys) 100f: NtGdiCheckBitmapBits [8] (win32k.sys) 1010: NtGdiCloseFigure [1] (win32k.sys) 1011: NtGdiColorCorrectPalette [6] (win32k.sys) 1012: NtGdiCombineRgn [4] (win32k.sys) 1013: NtGdiCombineTransform [3] (win32k.sys) 1014: NtGdiComputeXformCoefficients [1] (win32k.sys) 1015: NtGdiConsoleTextOut [4] (win32k.sys) 1016: NtGdiConvertMetafileRect [2] (win32k.sys) 1017: NtGdiCreateBitmap [5] (win32k.sys) 1018: NtGdiCreateClientObj [1] (win32k.sys) 1019: NtGdiCreateColorSpace [1] (win32k.sys) 101a: NtGdiCreateColorTransform [8] (win32k.sys) 101b: NtGdiCreateCompatibleBitmap [3] (win32k.sys) 101c: NtGdiCreateCompatibleDC [1] (win32k.sys) 101d: NtGdiCreateDIBBrush [6] (win32k.sys) 101e: NtGdiCreateDIBitmapInternal [11] (win32k.sys) 101f: NtGdiCreateDIBSection [9] (win32k.sys) 1020: NtGdiCreateEllipticRgn [4] (win32k.sys) 1021: NtGdiCreateHalftonePalette [1] (win32k.sys) 1022: NtGdiCreateHatchBrushInternal [3] (win32k.sys) 1023: NtGdiCreateMetafileDC [1] (win32k.sys) 1024: NtGdiCreatePaletteInternal [2] (win32k.sys) 1025: NtGdiCreatePatternBrushInternal [3] (win32k.sys) 1026: NtGdiCreatePen [4] (win32k.sys) 1027: NtGdiCreateRectRgn [4] (win32k.sys) 1028: NtGdiCreateRoundRectRgn [6] (win32k.sys) 1029: NtGdiCreateServerMetaFile [6] (win32k.sys) 102a: NtGdiCreateSolidBrush [2] (win32k.sys) 102b: NtGdiD3dContextCreate [4] (win32k.sys) 102c: NtGdiD3dContextDestroy [1] (win32k.sys) 102d: NtGdiD3dContextDestroyAll [1] (win32k.sys) 102e: NtGdiD3dValidateTextureStageState [1] (win32k.sys) 102f: NtGdiD3dDrawPrimitives2 [7] (win32k.sys) 1030: NtGdiDdGetDriverState [1] (win32k.sys) 1031: NtGdiDdAddAttachedSurface [3] (win32k.sys) 1032: NtGdiDdAlphaBlt [3] (win32k.sys) 1033: NtGdiDdAttachSurface [2] (win32k.sys) 1034: NtGdiDdBeginMoCompFrame [2] (win32k.sys) 1035: NtGdiDdBlt [3] (win32k.sys) 1036: NtGdiDdCanCreateSurface [2] (win32k.sys) 1037: NtGdiDdCanCreateD3DBuffer [2] (win32k.sys) 1038: NtGdiDdColorControl [2] (win32k.sys) 1039: NtGdiDdCreateDirectDrawObject [1] (win32k.sys) 103a: NtGdiDdCreateSurface [8] (win32k.sys) 103b: NtGdiDdCreateSurface [8] (win32k.sys) 103c: NtGdiDdCreateMoComp [2] (win32k.sys) 103d: NtGdiDdCreateSurfaceObject [6] (win32k.sys) 103e: NtGdiDdDeleteDirectDrawObject [1] (win32k.sys) 103f: NtGdiDdDeleteSurfaceObject [1] (win32k.sys) 1040: NtGdiDdDestroyMoComp [2] (win32k.sys) 1041: NtGdiDdDestroySurface [2] (win32k.sys) 1042: NtGdiDdDestroyD3DBuffer [1] (win32k.sys) 1043: NtGdiDdEndMoCompFrame [2] (win32k.sys) 1044: NtGdiDdFlip [5] (win32k.sys) 1045: NtGdiDdFlipToGDISurface [2] (win32k.sys) 1046: NtGdiDdGetAvailDriverMemory [2] (win32k.sys) 1047: NtGdiDdGetBltStatus [2] (win32k.sys) 1048: NtGdiDdGetDC [2] (win32k.sys) 1049: NtGdiDdGetDriverInfo [2] (win32k.sys) 104a: NtGdiDdGetDxHandle [3] (win32k.sys) 104b: NtGdiDdGetFlipStatus [2] (win32k.sys) 104c: NtGdiDdGetInternalMoCompInfo [2] (win32k.sys) 104d: NtGdiDdGetMoCompBuffInfo [2] (win32k.sys) 104e: NtGdiDdGetMoCompGuids [2] (win32k.sys) 104f: NtGdiDdGetMoCompFormats [2] (win32k.sys) 1050: NtGdiDdGetScanLine [2] (win32k.sys) 1051: NtGdiDdLock [3] (win32k.sys) 1052: NtGdiDdLockD3D [2] (win32k.sys) 1053: NtGdiDdQueryDirectDrawObject [11] (win32k.sys) 1054: NtGdiDdQueryMoCompStatus [2] (win32k.sys) 1055: NtGdiDdReenableDirectDrawObject [2] (win32k.sys) 1056: NtGdiDdReleaseDC [1] (win32k.sys) 1057: NtGdiDdRenderMoComp [2] (win32k.sys) 1058: NtGdiDdResetVisrgn [2] (win32k.sys) 1059: NtGdiDdSetColorKey [2] (win32k.sys) 105a: NtGdiDdSetExclusiveMode [2] (win32k.sys) 105b: NtGdiDdSetGammaRamp [3] (win32k.sys) 105c: NtGdiDdCreateSurfaceEx [3] (win32k.sys) 105d: NtGdiDdSetOverlayPosition [3] (win32k.sys) 105e: NtGdiDdUnattachSurface [2] (win32k.sys) 105f: NtGdiDdUnlock [2] (win32k.sys) 1060: NtGdiDdUnlockD3D [2] (win32k.sys) 1061: NtGdiDdUpdateOverlay [3] (win32k.sys) 1062: NtGdiDdWaitForVerticalBlank [2] (win32k.sys) 1063: NtGdiDvpCanCreateVideoPort [2] (win32k.sys) 1064: NtGdiDvpColorControl [2] (win32k.sys) 1065: NtGdiDvpCreateVideoPort [2] (win32k.sys) 1066: NtGdiDvpDestroyVideoPort [2] (win32k.sys) 1067: NtGdiDvpFlipVideoPort [4] (win32k.sys) 1068: NtGdiDvpGetVideoPortBandwidth [2] (win32k.sys) 1069: NtGdiDvpGetVideoPortField [2] (win32k.sys) 106a: NtGdiDvpGetVideoPortFlipStatus [2] (win32k.sys) 106b: NtGdiDvpGetVideoPortInputFormats [2] (win32k.sys) 106c: NtGdiDvpGetVideoPortLine [2] (win32k.sys) 106d: NtGdiDvpGetVideoPortOutputFormats [2] (win32k.sys) 106e: NtGdiDvpGetVideoPortConnectInfo [2] (win32k.sys) 106f: NtGdiDvpGetVideoSignalStatus [2] (win32k.sys) 1070: NtGdiDvpUpdateVideoPort [4] (win32k.sys) 1071: NtGdiDvpWaitForVideoPortSync [2] (win32k.sys) 1072: NtGdiDeleteClientObj [1] (win32k.sys) 1073: NtGdiDeleteColorSpace [1] (win32k.sys) 1074: NtGdiDeleteColorTransform [2] (win32k.sys) 1075: NtGdiDeleteObjectApp [1] (win32k.sys) 1076: NtGdiDescribePixelFormat [4] (win32k.sys) 1077: NtGdiGetPerBandInfo [2] (win32k.sys) 1078: NtGdiDoBanding [4] (win32k.sys) 1079: NtGdiDoPalette [6] (win32k.sys) 107a: NtGdiDrawEscape [4] (win32k.sys) 107b: NtGdiEllipse [5] (win32k.sys) 107c: NtGdiEnableEudc [1] (win32k.sys) 107d: NtGdiEndDoc [1] (win32k.sys) 107e: NtGdiEndPage [1] (win32k.sys) 107f: NtGdiEndPath [1] (win32k.sys) 1080: NtGdiEnumFontChunk [5] (win32k.sys) 1081: NtGdiEnumFontClose [1] (win32k.sys) 1082: NtGdiEnumFontOpen [7] (win32k.sys) 1083: NtGdiEnumObjects [4] (win32k.sys) 1084: NtGdiEqualRgn [2] (win32k.sys) 1085: NtGdiEudcEnumFaceNameLinkW [4] (win32k.sys) 1086: NtGdiEudcLoadUnloadLink [7] (win32k.sys) 1087: NtGdiExcludeClipRect [5] (win32k.sys) 1088: NtGdiExtCreatePen [11] (win32k.sys) 1089: NtGdiExtCreateRegion [3] (win32k.sys) 108a: NtGdiExtEscape [8] (win32k.sys) 108b: NtGdiExtFloodFill [5] (win32k.sys) 108c: NtGdiExtGetObjectW [3] (win32k.sys) 108d: NtGdiExtSelectClipRgn [3] (win32k.sys) 108e: NtGdiExtTextOutW [9] (win32k.sys) 108f: NtGdiFillPath [1] (win32k.sys) 1090: NtGdiFillRgn [3] (win32k.sys) 1091: NtGdiFlattenPath [1] (win32k.sys) 1092: NtGdiFlushUserBatch [0] (win32k.sys) 1093: NtGdiFlush [0] (win32k.sys) 1094: NtGdiForceUFIMapping [2] (win32k.sys) 1095: NtGdiFrameRgn [5] (win32k.sys) 1096: NtGdiFullscreenControl [5] (win32k.sys) 1097: NtGdiGetAndSetDCDword [4] (win32k.sys) 1098: NtGdiGetAppClipBox [2] (win32k.sys) 1099: NtGdiGetBitmapBits [3] (win32k.sys) 109a: NtGdiGetBitmapDimension [2] (win32k.sys) 109b: NtGdiGetBoundsRect [3] (win32k.sys) 109c: NtGdiGetCharABCWidthsW [6] (win32k.sys) 109d: NtGdiGetCharacterPlacementW [6] (win32k.sys) 109e: NtGdiGetCharSet [1] (win32k.sys) 109f: NtGdiGetCharWidthW [6] (win32k.sys) 10a0: NtGdiGetCharWidthInfo [2] (win32k.sys) 10a1: NtGdiGetColorAdjustment [2] (win32k.sys) 10a2: NtGdiGetColorSpaceforBitmap [1] (win32k.sys) 10a3: NtGdiGetDCDword [3] (win32k.sys) 10a4: NtGdiGetDCforBitmap [1] (win32k.sys) 10a5: NtGdiGetDCObject [2] (win32k.sys) 10a6: NtGdiGetDCPoint [3] (win32k.sys) 10a7: NtGdiGetDeviceCaps [2] (win32k.sys) 10a8: NtGdiGetDeviceGammaRamp [2] (win32k.sys) 10a9: NtGdiGetDeviceCapsAll [2] (win32k.sys) 10aa: NtGdiGetDIBitsInternal [9] (win32k.sys) 10ab: NtGdiGetETM [2] (win32k.sys) 10ac: NtGdiGetEudcTimeStampEx [3] (win32k.sys) 10ad: NtGdiGetFontData [5] (win32k.sys) 10ae: NtGdiGetFontResourceInfoInternalW [7] (win32k.sys) 10af: NtGdiGetGlyphIndicesW [5] (win32k.sys) 10b0: NtGdiGetGlyphIndicesWInternal [6] (win32k.sys) 10b1: NtGdiGetGlyphOutline [8] (win32k.sys) 10b2: NtGdiGetKerningPairs [3] (win32k.sys) 10b3: NtGdiGetLinkedUFIs [3] (win32k.sys) 10b4: NtGdiGetMiterLimit [2] (win32k.sys) 10b5: NtGdiGetMonitorID [3] (win32k.sys) 10b6: NtGdiGetNearestColor [2] (win32k.sys) 10b7: NtGdiGetNearestPaletteIndex [2] (win32k.sys) 10b8: NtGdiGetObjectBitmapHandle [2] (win32k.sys) 10b9: NtGdiGetOutlineTextMetricsInternalW [4] (win32k.sys) 10ba: NtGdiGetPath [4] (win32k.sys) 10bb: NtGdiGetPixel [3] (win32k.sys) 10bc: NtGdiGetRandomRgn [3] (win32k.sys) 10bd: NtGdiGetRasterizerCaps [2] (win32k.sys) 10be: NtGdiGetRealizationInfo [2] (win32k.sys) 10bf: NtGdiGetRegionData [3] (win32k.sys) 10c0: NtGdiGetRgnBox [2] (win32k.sys) 10c1: NtGdiGetServerMetaFileBits [7] (win32k.sys) 10c2: NtGdiGetSpoolMessage [4] (win32k.sys) 10c3: NtGdiGetStats [5] (win32k.sys) 10c4: NtGdiGetStockObject [1] (win32k.sys) 10c5: NtGdiGetStringBitmapW [5] (win32k.sys) 10c6: NtGdiGetSystemPaletteUse [1] (win32k.sys) 10c7: NtGdiGetTextCharsetInfo [3] (win32k.sys) 10c8: NtGdiGetTextExtent [5] (win32k.sys) 10c9: NtGdiGetTextExtentExW [8] (win32k.sys) 10ca: NtGdiGetTextFaceW [4] (win32k.sys) 10cb: NtGdiGetTextMetricsW [3] (win32k.sys) 10cc: NtGdiGetTransform [3] (win32k.sys) 10cd: NtGdiGetUFI [6] (win32k.sys) 10ce: NtGdiGetUFIPathname [10] (win32k.sys) 10cf: NtGdiGetFontUnicodeRanges [2] (win32k.sys) 10d0: NtGdiGetWidthTable [7] (win32k.sys) 10d1: NtGdiGradientFill [6] (win32k.sys) 10d2: NtGdiHfontCreate [5] (win32k.sys) 10d3: NtGdiIcmBrushInfo [8] (win32k.sys) 10d4: NtGdiInit [0] (win32k.sys) 10d5: NtGdiInitSpool [0] (win32k.sys) 10d6: NtGdiIntersectClipRect [5] (win32k.sys) 10d7: NtGdiInvertRgn [2] (win32k.sys) 10d8: NtGdiLineTo [3] (win32k.sys) 10d9: NtGdiMakeFontDir [5] (win32k.sys) 10da: NtGdiMakeInfoDC [2] (win32k.sys) 10db: NtGdiMaskBlt [13] (win32k.sys) 10dc: NtGdiModifyWorldTransform [3] (win32k.sys) 10dd: NtGdiMonoBitmap [1] (win32k.sys) 10de: NtGdiMoveTo [4] (win32k.sys) 10df: NtGdiOffsetClipRgn [3] (win32k.sys) 10e0: NtGdiOffsetRgn [3] (win32k.sys) 10e1: NtGdiOpenDCW [7] (win32k.sys) 10e2: NtGdiPatBlt [6] (win32k.sys) 10e3: NtGdiPolyPatBlt [5] (win32k.sys) 10e4: NtGdiPathToRegion [1] (win32k.sys) 10e5: NtGdiPlgBlt [11] (win32k.sys) 10e6: NtGdiPolyDraw [4] (win32k.sys) 10e7: NtGdiPolyPolyDraw [5] (win32k.sys) 10e8: NtGdiPolyTextOutW [4] (win32k.sys) 10e9: NtGdiPtInRegion [3] (win32k.sys) 10ea: NtGdiPtVisible [3] (win32k.sys) 10eb: NtGdiQueryFonts [3] (win32k.sys) 10ec: NtGdiQueryFontAssocInfo [1] (win32k.sys) 10ed: NtGdiRectangle [5] (win32k.sys) 10ee: NtGdiRectInRegion [2] (win32k.sys) 10ef: NtGdiRectVisible [2] (win32k.sys) 10f0: NtGdiRemoveFontResourceW [6] (win32k.sys) 10f1: NtGdiRemoveFontMemResourceEx [1] (win32k.sys) 10f2: NtGdiResetDC [5] (win32k.sys) 10f3: NtGdiResizePalette [2] (win32k.sys) 10f4: NtGdiRestoreDC [2] (win32k.sys) 10f5: NtGdiRoundRect [7] (win32k.sys) 10f6: NtGdiSaveDC [1] (win32k.sys) 10f7: NtGdiScaleViewportExtEx [6] (win32k.sys) 10f8: NtGdiScaleWindowExtEx [6] (win32k.sys) 10f9: NtGdiSelectBitmap [2] (win32k.sys) 10fa: NtGdiSelectBrush [2] (win32k.sys) 10fb: NtGdiSelectClipPath [2] (win32k.sys) 10fc: NtGdiSelectFont [2] (win32k.sys) 10fd: NtGdiSelectPen [2] (win32k.sys) 10fe: NtGdiSetBitmapBits [3] (win32k.sys) 10ff: NtGdiSetBitmapDimension [4] (win32k.sys) 1100: NtGdiSetBoundsRect [3] (win32k.sys) 1101: NtGdiSetBrushOrg [4] (win32k.sys) 1102: NtGdiSetColorAdjustment [2] (win32k.sys) 1103: NtGdiSetColorSpace [2] (win32k.sys) 1104: NtGdiSetDeviceGammaRamp [2] (win32k.sys) 1105: NtGdiSetDIBitsToDeviceInternal [16] (win32k.sys) 1106: NtGdiSetFontEnumeration [1] (win32k.sys) 1107: NtGdiSetFontXform [3] (win32k.sys) 1108: NtGdiSetIcmMode [3] (win32k.sys) 1109: NtGdiSetLinkedUFIs [3] (win32k.sys) 110a: NtGdiSetMagicColors [3] (win32k.sys) 110b: NtGdiSetMetaRgn [1] (win32k.sys) 110c: NtGdiSetMiterLimit [3] (win32k.sys) 110d: NtGdiGetDeviceWidth [1] (win32k.sys) 110e: NtGdiMirrorWindowOrg [1] (win32k.sys) 110f: NtGdiSetLayout [3] (win32k.sys) 1110: NtGdiSetPixel [4] (win32k.sys) 1111: NtGdiSetPixelFormat [2] (win32k.sys) 1112: NtGdiSetRectRgn [5] (win32k.sys) 1113: NtGdiSetSystemPaletteUse [2] (win32k.sys) 1114: NtGdiSetTextJustification [3] (win32k.sys) 1115: NtGdiSetupPublicCFONT [3] (win32k.sys) 1116: NtGdiSetVirtualResolution [5] (win32k.sys) 1117: NtGdiSetSizeDevice [3] (win32k.sys) 1118: NtGdiStartDoc [4] (win32k.sys) 1119: NtGdiStartPage [1] (win32k.sys) 111a: NtGdiStretchBlt [12] (win32k.sys) 111b: NtGdiStretchDIBitsInternal [16] (win32k.sys) 111c: NtGdiStrokeAndFillPath [1] (win32k.sys) 111d: NtGdiStrokePath [1] (win32k.sys) 111e: NtGdiSwapBuffers [1] (win32k.sys) 111f: NtGdiTransformPoints [5] (win32k.sys) 1120: NtGdiTransparentBlt [11] (win32k.sys) 1121: NtGdiUnloadPrinterDriver [2] (win32k.sys) 1122: NtGdiUnmapMemFont [1] (win32k.sys) 1123: NtGdiUnrealizeObject [1] (win32k.sys) 1124: NtGdiUpdateColors [1] (win32k.sys) 1125: NtGdiWidenPath [1] (win32k.sys) 1126: NtUserActivateKeyboardLayout [2] (win32k.sys) 1127: NtUserAlterWindowStyle [3] (win32k.sys) 1128: NtUserAssociateInputContext [3] (win32k.sys) 1129: NtUserAttachThreadInput [3] (win32k.sys) 112a: NtUserBeginPaint [2] (win32k.sys) 112b: NtUserBitBltSysBmp [8] (win32k.sys) 112c: NtUserBlockInput [1] (win32k.sys) 112d: NtUserBuildHimcList [4] (win32k.sys) 112e: NtUserBuildHwndList [7] (win32k.sys) 112f: NtUserBuildNameList [4] (win32k.sys) 1130: NtUserBuildPropList [4] (win32k.sys) 1131: NtUserCallHwnd [2] (win32k.sys) 1132: NtUserCallHwndLock [2] (win32k.sys) 1133: NtUserCallHwndOpt [2] (win32k.sys) 1134: NtUserCallHwndParam [3] (win32k.sys) 1135: NtUserCallHwndParamLock [3] (win32k.sys) 1136: NtUserCallMsgFilter [2] (win32k.sys) 1137: NtUserCallNextHookEx [4] (win32k.sys) 1138: NtUserCallNoParam [1] (win32k.sys) 1139: NtUserCallOneParam [2] (win32k.sys) 113a: NtUserCallTwoParam [3] (win32k.sys) 113b: NtUserChangeClipboardChain [2] (win32k.sys) 113c: NtUserChangeDisplaySettings [5] (win32k.sys) 113d: NtUserCheckImeHotKey [2] (win32k.sys) 113e: NtUserCheckMenuItem [3] (win32k.sys) 113f: NtUserChildWindowFromPointEx [4] (win32k.sys) 1140: NtUserClipCursor [1] (win32k.sys) 1141: NtUserCloseClipboard [0] (win32k.sys) 1142: NtUserCloseDesktop [1] (win32k.sys) 1143: NtUserCloseWindowStation [1] (win32k.sys) 1144: NtUserConsoleControl [3] (win32k.sys) 1145: NtUserConvertMemHandle [2] (win32k.sys) 1146: NtUserCopyAcceleratorTable [3] (win32k.sys) 1147: NtUserCountClipboardFormats [0] (win32k.sys) 1148: NtUserCreateAcceleratorTable [2] (win32k.sys) 1149: NtUserCreateCaret [4] (win32k.sys) 114a: NtUserCreateDesktop [5] (win32k.sys) 114b: NtUserCreateInputContext [1] (win32k.sys) 114c: NtUserCreateLocalMemHandle [4] (win32k.sys) 114d: NtUserCreateWindowEx [13] (win32k.sys) 114e: NtUserCreateWindowStation [6] (win32k.sys) 114f: NtUserDdeGetQualityOfService [3] (win32k.sys) 1150: NtUserDdeInitialize [5] (win32k.sys) 1151: NtUserDdeSetQualityOfService [3] (win32k.sys) 1152: NtUserDeferWindowPos [8] (win32k.sys) 1153: NtUserDefSetText [2] (win32k.sys) 1154: NtUserDeleteMenu [3] (win32k.sys) 1155: NtUserDestroyAcceleratorTable [1] (win32k.sys) 1156: NtUserDestroyCursor [2] (win32k.sys) 1157: NtUserDestroyInputContext [1] (win32k.sys) 1158: NtUserDestroyMenu [1] (win32k.sys) 1159: NtUserDestroyWindow [1] (win32k.sys) 115a: NtUserDisableThreadIme [1] (win32k.sys) 115b: NtUserDispatchMessage [1] (win32k.sys) 115c: NtUserDragDetect [3] (win32k.sys) 115d: NtUserDragObject [5] (win32k.sys) 115e: NtUserDrawAnimatedRects [4] (win32k.sys) 115f: NtUserDrawCaption [4] (win32k.sys) 1160: NtUserDrawCaptionTemp [7] (win32k.sys) 1161: NtUserDrawIconEx [11] (win32k.sys) 1162: NtUserDrawMenuBarTemp [5] (win32k.sys) 1163: NtUserEmptyClipboard [0] (win32k.sys) 1164: NtUserEnableMenuItem [3] (win32k.sys) 1165: NtUserEnableScrollBar [3] (win32k.sys) 1166: NtUserEndDeferWindowPosEx [2] (win32k.sys) 1167: NtUserEndMenu [0] (win32k.sys) 1168: NtUserEndPaint [2] (win32k.sys) 1169: NtUserEnumDisplayDevices [4] (win32k.sys) 116a: NtUserEnumDisplayMonitors [4] (win32k.sys) 116b: NtUserEnumDisplaySettings [4] (win32k.sys) 116c: NtUserEvent [1] (win32k.sys) 116d: NtUserExcludeUpdateRgn [2] (win32k.sys) 116e: NtUserFillWindow [4] (win32k.sys) 116f: NtUserFindExistingCursorIcon [3] (win32k.sys) 1170: NtUserFindWindowEx [5] (win32k.sys) 1171: NtUserFlashWindowEx [1] (win32k.sys) 1172: NtUserGetAltTabInfo [6] (win32k.sys) 1173: NtUserGetAncestor [2] (win32k.sys) 1174: NtUserGetAppImeLevel [1] (win32k.sys) 1175: NtUserGetAsyncKeyState [1] (win32k.sys) 1176: NtUserGetCaretBlinkTime [0] (win32k.sys) 1177: NtUserGetCaretPos [1] (win32k.sys) 1178: NtUserGetClassInfo [5] (win32k.sys) 1179: NtUserGetClassName [3] (win32k.sys) 117a: NtUserGetClipboardData [2] (win32k.sys) 117b: NtUserGetClipboardFormatName [3] (win32k.sys) 117c: NtUserGetClipboardOwner [0] (win32k.sys) 117d: NtUserGetClipboardSequenceNumber [0] (win32k.sys) 117e: NtUserGetClipboardViewer [0] (win32k.sys) 117f: NtUserGetClipCursor [1] (win32k.sys) 1180: NtUserGetComboBoxInfo [2] (win32k.sys) 1181: NtUserGetControlBrush [3] (win32k.sys) 1182: NtUserGetControlColor [4] (win32k.sys) 1183: NtUserGetCPD [3] (win32k.sys) 1184: NtUserGetCursorFrameInfo [4] (win32k.sys) 1185: NtUserGetCursorInfo [1] (win32k.sys) 1186: NtUserGetDC [1] (win32k.sys) 1187: NtUserGetDCEx [3] (win32k.sys) 1188: NtUserGetDoubleClickTime [0] (win32k.sys) 1189: NtUserGetForegroundWindow [0] (win32k.sys) 118a: NtUserGetGuiResources [2] (win32k.sys) 118b: NtUserGetGUIThreadInfo [2] (win32k.sys) 118c: NtUserGetIconInfo [6] (win32k.sys) 118d: NtUserGetIconSize [4] (win32k.sys) 118e: NtUserGetImeHotKey [4] (win32k.sys) 118f: NtUserGetImeInfoEx [2] (win32k.sys) 1190: NtUserGetInternalWindowPos [3] (win32k.sys) 1191: NtUserGetKeyboardLayoutList [2] (win32k.sys) 1192: NtUserGetKeyboardLayoutName [1] (win32k.sys) 1193: NtUserGetKeyboardState [1] (win32k.sys) 1194: NtUserGetKeyNameText [3] (win32k.sys) 1195: NtUserGetKeyState [1] (win32k.sys) 1196: NtUserGetListBoxInfo [1] (win32k.sys) 1197: NtUserGetMenuBarInfo [4] (win32k.sys) 1198: NtUserGetMenuIndex [2] (win32k.sys) 1199: NtUserGetMenuItemRect [4] (win32k.sys) 119a: NtUserGetMessage [4] (win32k.sys) 119b: NtUserGetMouseMovePointsEx [5] (win32k.sys) 119c: NtUserGetObjectInformation [5] (win32k.sys) 119d: NtUserGetOpenClipboardWindow [0] (win32k.sys) 119e: NtUserGetPriorityClipboardFormat [2] (win32k.sys) 119f: NtUserGetProcessWindowStation [0] (win32k.sys) 11a0: NtUserGetScrollBarInfo [3] (win32k.sys) 11a1: NtUserGetSystemMenu [2] (win32k.sys) 11a2: NtUserGetThreadDesktop [2] (win32k.sys) 11a3: NtUserGetThreadState [1] (win32k.sys) 11a4: NtUserGetTitleBarInfo [2] (win32k.sys) 11a5: NtUserGetUpdateRect [3] (win32k.sys) 11a6: NtUserGetUpdateRgn [3] (win32k.sys) 11a7: NtUserGetWindowDC [1] (win32k.sys) 11a8: NtUserGetWindowPlacement [2] (win32k.sys) 11a9: NtUserGetWOWClass [2] (win32k.sys) 11aa: NtUserHardErrorControl [3] (win32k.sys) 11ab: NtUserHideCaret [1] (win32k.sys) 11ac: NtUserHiliteMenuItem [4] (win32k.sys) 11ad: NtUserImpersonateDdeClientWindow [2] (win32k.sys) 11ae: NtUserInitialize [3] (win32k.sys) 11af: NtUserInitializeClientPfnArrays [4] (win32k.sys) 11b0: NtUserInitTask [11] (win32k.sys) 11b1: NtUserInternalGetWindowText [3] (win32k.sys) 11b2: NtUserInvalidateRect [3] (win32k.sys) 11b3: NtUserInvalidateRgn [3] (win32k.sys) 11b4: NtUserIsClipboardFormatAvailable [1] (win32k.sys) 11b5: NtUserKillTimer [2] (win32k.sys) 11b6: NtUserLoadKeyboardLayoutEx [6] (win32k.sys) 11b7: NtUserLockWindowStation [1] (win32k.sys) 11b8: NtUserLockWindowUpdate [1] (win32k.sys) 11b9: NtUserLockWorkStation [0] (win32k.sys) 11ba: NtUserMapVirtualKeyEx [4] (win32k.sys) 11bb: NtUserMenuItemFromPoint [4] (win32k.sys) 11bc: NtUserMessageCall [7] (win32k.sys) 11bd: NtUserMinMaximize [3] (win32k.sys) 11be: NtUserMNDragLeave [0] (win32k.sys) 11bf: NtUserMNDragOver [2] (win32k.sys) 11c0: NtUserModifyUserStartupInfoFlags [2] (win32k.sys) 11c1: NtUserMoveWindow [6] (win32k.sys) 11c2: NtUserNotifyIMEStatus [3] (win32k.sys) 11c3: NtUserNotifyProcessCreate [4] (win32k.sys) 11c4: NtUserNotifyWinEvent [4] (win32k.sys) 11c5: NtUserOpenClipboard [2] (win32k.sys) 11c6: NtUserOpenDesktop [3] (win32k.sys) 11c7: NtUserOpenInputDesktop [3] (win32k.sys) 11c8: NtUserOpenWindowStation [2] (win32k.sys) 11c9: NtUserPaintDesktop [1] (win32k.sys) 11ca: NtUserPeekMessage [5] (win32k.sys) 11cb: NtUserPostMessage [4] (win32k.sys) 11cc: NtUserPostThreadMessage [4] (win32k.sys) 11cd: NtUserProcessConnect [3] (win32k.sys) 11ce: NtUserQueryInformationThread [5] (win32k.sys) 11cf: NtUserQueryInputContext [2] (win32k.sys) 11d0: NtUserQuerySendMessage [1] (win32k.sys) 11d1: NtUserQueryUserCounters [5] (win32k.sys) 11d2: NtUserQueryWindow [2] (win32k.sys) 11d3: NtUserRealChildWindowFromPoint [3] (win32k.sys) 11d4: NtUserRedrawWindow [4] (win32k.sys) 11d5: NtUserRegisterClassExWOW [6] (win32k.sys) 11d6: NtUserRegisterHotKey [4] (win32k.sys) 11d7: NtUserRegisterTasklist [1] (win32k.sys) 11d8: NtUserRegisterWindowMessage [1] (win32k.sys) 11d9: NtUserRemoveMenu [3] (win32k.sys) 11da: NtUserRemoveProp [2] (win32k.sys) 11db: NtUserResolveDesktop [4] (win32k.sys) 11dc: NtUserResolveDesktopForWOW [1] (win32k.sys) 11dd: NtUserSBGetParms [4] (win32k.sys) 11de: NtUserScrollDC [7] (win32k.sys) 11df: NtUserScrollWindowEx [8] (win32k.sys) 11e0: NtUserSelectPalette [3] (win32k.sys) 11e1: NtUserSendInput [3] (win32k.sys) 11e2: NtUserSendMessageCallback [6] (win32k.sys) 11e3: NtUserSendNotifyMessage [4] (win32k.sys) 11e4: NtUserSetActiveWindow [1] (win32k.sys) 11e5: NtUserSetAppImeLevel [2] (win32k.sys) 11e6: NtUserSetCapture [1] (win32k.sys) 11e7: NtUserSetClassLong [4] (win32k.sys) 11e8: NtUserSetClassWord [3] (win32k.sys) 11e9: NtUserSetClipboardData [3] (win32k.sys) 11ea: NtUserSetClipboardViewer [1] (win32k.sys) 11eb: NtUserSetConsoleReserveKeys [2] (win32k.sys) 11ec: NtUserSetCursor [1] (win32k.sys) 11ed: NtUserSetCursorContents [2] (win32k.sys) 11ee: NtUserSetCursorIconData [4] (win32k.sys) 11ef: NtUserSetDbgTag [2] (win32k.sys) 11f0: NtUserSetFocus [1] (win32k.sys) 11f1: NtUserSetImeHotKey [5] (win32k.sys) 11f2: NtUserSetImeInfoEx [1] (win32k.sys) 11f3: NtUserSetImeOwnerWindow [2] (win32k.sys) 11f4: NtUserSetInformationProcess [4] (win32k.sys) 11f5: NtUserSetInformationThread [4] (win32k.sys) 11f6: NtUserSetInternalWindowPos [4] (win32k.sys) 11f7: NtUserSetKeyboardState [1] (win32k.sys) 11f8: NtUserSetLogonNotifyWindow [1] (win32k.sys) 11f9: NtUserSetMenu [3] (win32k.sys) 11fa: NtUserSetMenuContextHelpId [2] (win32k.sys) 11fb: NtUserSetMenuDefaultItem [3] (win32k.sys) 11fc: NtUserSetMenuFlagRtoL [1] (win32k.sys) 11fd: NtUserSetObjectInformation [4] (win32k.sys) 11fe: NtUserSetParent [2] (win32k.sys) 11ff: NtUserSetProcessWindowStation [1] (win32k.sys) 1200: NtUserSetProp [3] (win32k.sys) 1201: NtUserSetRipFlags [2] (win32k.sys) 1202: NtUserSetScrollInfo [4] (win32k.sys) 1203: NtUserSetShellWindowEx [2] (win32k.sys) 1204: NtUserSetSysColors [4] (win32k.sys) 1205: NtUserSetSystemCursor [2] (win32k.sys) 1206: NtUserSetSystemMenu [2] (win32k.sys) 1207: NtUserSetSystemTimer [4] (win32k.sys) 1208: NtUserSetThreadDesktop [1] (win32k.sys) 1209: NtUserSetThreadLayoutHandles [2] (win32k.sys) 120a: NtUserSetThreadState [2] (win32k.sys) 120b: NtUserSetTimer [4] (win32k.sys) 120c: NtUserSetWindowFNID [2] (win32k.sys) 120d: NtUserSetWindowLong [4] (win32k.sys) 120e: NtUserSetWindowPlacement [2] (win32k.sys) 120f: NtUserSetWindowPos [7] (win32k.sys) 1210: NtUserSetWindowRgn [3] (win32k.sys) 1211: NtUserSetWindowsHookAW [3] (win32k.sys) 1212: NtUserSetWindowsHookEx [6] (win32k.sys) 1213: NtUserSetWindowStationUser [4] (win32k.sys) 1214: NtUserSetWindowWord [3] (win32k.sys) 1215: NtUserSetWinEventHook [8] (win32k.sys) 1216: NtUserShowCaret [1] (win32k.sys) 1217: NtUserShowScrollBar [3] (win32k.sys) 1218: NtUserShowWindow [2] (win32k.sys) 1219: NtUserShowWindowAsync [2] (win32k.sys) 121a: NtUserSoundSentry [0] (win32k.sys) 121b: NtUserSwitchDesktop [1] (win32k.sys) 121c: NtUserSystemParametersInfo [4] (win32k.sys) 121d: NtUserTestForInteractiveUser [1] (win32k.sys) 121e: NtUserThunkedMenuInfo [2] (win32k.sys) 121f: NtUserThunkedMenuItemInfo [6] (win32k.sys) 1220: NtUserToUnicodeEx [7] (win32k.sys) 1221: NtUserTrackMouseEvent [1] (win32k.sys) 1222: NtUserTrackPopupMenuEx [6] (win32k.sys) 1223: NtUserTranslateAccelerator [3] (win32k.sys) 1224: NtUserTranslateMessage [2] (win32k.sys) 1225: NtUserUnhookWindowsHookEx [1] (win32k.sys) 1226: NtUserUnhookWinEvent [1] (win32k.sys) 1227: NtUserUnloadKeyboardLayout [1] (win32k.sys) 1228: NtUserUnlockWindowStation [1] (win32k.sys) 1229: NtUserUnregisterClass [3] (win32k.sys) 122a: NtUserUnregisterHotKey [2] (win32k.sys) 122b: NtUserUpdateInputContext [3] (win32k.sys) 122c: NtUserUpdateInstance [3] (win32k.sys) 122d: NtUserUpdateLayeredWindow [9] (win32k.sys) 122e: NtUserSetLayeredWindowAttributes [4] (win32k.sys) 122f: NtUserUpdatePerUserSystemParameters [2] (win32k.sys) 1230: NtUserUserHandleGrantAccess [3] (win32k.sys) 1231: NtUserValidateHandleSecure [1] (win32k.sys) 1232: NtUserValidateRect [2] (win32k.sys) 1233: NtUserVkKeyScanEx [3] (win32k.sys) 1234: NtUserWaitForInputIdle [3] (win32k.sys) 1235: NtUserWaitForMsgAndEvent [1] (win32k.sys) 1236: NtUserWaitMessage [0] (win32k.sys) 1237: NtUserWin32PoolAllocationStats [6] (win32k.sys) 1238: NtUserWindowFromPoint [2] (win32k.sys) 1239: NtUserYieldTask [0] (win32k.sys) 123a: NtUserRemoteConnect [3] (win32k.sys) 123b: NtUserRemoteRedrawRectangle [4] (win32k.sys) 123c: NtUserRemoteRedrawScreen [0] (win32k.sys) 123d: NtUserRemoteStopScreenUpdates [0] (win32k.sys) 123e: NtUserCtxDisplayIOCtl [3] (win32k.sys) 123f: NtGdiEngAssociateSurface [3] (win32k.sys) 1240: NtGdiEngCreateBitmap [6] (win32k.sys) 1241: NtGdiEngCreateDeviceSurface [4] (win32k.sys) 1242: NtGdiEngCreateDeviceBitmap [4] (win32k.sys) 1243: NtGdiEngCreatePalette [6] (win32k.sys) 1244: NtGdiEngComputeGlyphSet [3] (win32k.sys) 1245: NtGdiEngCopyBits [6] (win32k.sys) 1246: NtGdiEngDeletePalette [1] (win32k.sys) 1247: NtGdiEngDeleteSurface [1] (win32k.sys) 1248: NtGdiEngEraseSurface [3] (win32k.sys) 1249: NtGdiEngUnlockSurface [1] (win32k.sys) 124a: NtGdiEngLockSurface [1] (win32k.sys) 124b: NtGdiEngBitBlt [11] (win32k.sys) 124c: NtGdiEngStretchBlt [11] (win32k.sys) 124d: NtGdiEngPlgBlt [11] (win32k.sys) 124e: NtGdiEngMarkBandingSurface [1] (win32k.sys) 124f: NtGdiEngStrokePath [8] (win32k.sys) 1250: NtGdiEngFillPath [7] (win32k.sys) 1251: NtGdiEngStrokeAndFillPath [10] (win32k.sys) 1252: NtGdiEngPaint [5] (win32k.sys) 1253: NtGdiEngLineTo [9] (win32k.sys) 1254: NtGdiEngAlphaBlend [7] (win32k.sys) 1255: NtGdiEngGradientFill [10] (win32k.sys) 1256: NtGdiEngTransparentBlt [8] (win32k.sys) 1257: NtGdiEngTextOut [10] (win32k.sys) 1258: NtGdiEngStretchBltROP [13] (win32k.sys) 1259: NtGdiXLATEOBJ_cGetPalette [4] (win32k.sys) 125a: NtGdiXLATEOBJ_iXlate [2] (win32k.sys) 125b: NtGdiXLATEOBJ_hGetColorTransform [1] (win32k.sys) 125c: NtGdiCLIPOBJ_bEnum [3] (win32k.sys) 125d: NtGdiCLIPOBJ_cEnumStart [5] (win32k.sys) 125e: NtGdiCLIPOBJ_ppoGetPath [1] (win32k.sys) 125f: NtGdiEngDeletePath [1] (win32k.sys) 1260: NtGdiEngCreateClip [0] (win32k.sys) 1261: NtGdiEngDeleteClip [1] (win32k.sys) 1262: NtGdiBRUSHOBJ_ulGetBrushColor [1] (win32k.sys) 1263: NtGdiBRUSHOBJ_pvAllocRbrush [2] (win32k.sys) 1264: NtGdiBRUSHOBJ_pvGetRbrush [1] (win32k.sys) 1265: NtGdiBRUSHOBJ_hGetColorTransform [1] (win32k.sys) 1266: NtGdiXFORMOBJ_bApplyXform [5] (win32k.sys) 1267: NtGdiXFORMOBJ_iGetXform [2] (win32k.sys) 1268: NtGdiFONTOBJ_vGetInfo [3] (win32k.sys) 1269: NtGdiFONTOBJ_pxoGetXform [1] (win32k.sys) 126a: NtGdiFONTOBJ_cGetGlyphs [5] (win32k.sys) 126b: NtGdiFONTOBJ_pifi [1] (win32k.sys) 126c: NtGdiFONTOBJ_pfdg [1] (win32k.sys) 126d: NtGdiFONTOBJ_pQueryGlyphAttrs [2] (win32k.sys) 126e: NtGdiFONTOBJ_pvTrueTypeFontFile [2] (win32k.sys) 126f: NtGdiFONTOBJ_cGetAllGlyphHandles [2] (win32k.sys) 1270: NtGdiSTROBJ_bEnum [3] (win32k.sys) 1271: NtGdiSTROBJ_bEnumPositionsOnly [3] (win32k.sys) 1272: NtGdiSTROBJ_bGetAdvanceWidths [4] (win32k.sys) 1273: NtGdiSTROBJ_vEnumStart [1] (win32k.sys) 1274: NtGdiSTROBJ_dwGetCodePage [1] (win32k.sys) 1275: NtGdiPATHOBJ_vGetBounds [2] (win32k.sys) 1276: NtGdiPATHOBJ_bEnum [2] (win32k.sys) 1277: NtGdiPATHOBJ_vEnumStart [1] (win32k.sys) 1278: NtGdiPATHOBJ_vEnumStartClipLines [4] (win32k.sys) 1279: NtGdiPATHOBJ_bEnumClipLines [3] (win32k.sys) 127a: NtGdiGetDhpdev [1] (win32k.sys) 127b: NtGdiEngCheckAbort [1] (win32k.sys) 127c: NtGdiHT_Get8BPPFormatPalette [4] (win32k.sys) 127d: NtGdiHT_Get8BPPMaskPalette [6] (win32k.sys) 127e: NtGdiUpdateTransform [1] (win32k.sys) 127f: NtUserValidateTimerCallback [3] (win32k.sys) Table #2: be36c840, 0007 entries, params=be36c860, \SystemRoot\System32\drivers\spud.sys 2000: SPUDInitialize [2] (spud.sys) 2001: SPUDTerminate [0] (spud.sys) 2002: SPUDTransmitFileAndRecv [4] (spud.sys) 2003: SPUDSendAndRecv [4] (spud.sys) 2004: SPUDCancel [1] (spud.sys) 2005: SPUDGetCounts [1] (spud.sys) 2006: SPUDCreateFile [15] (spud.sys) Table #3: 00000000, 0000 entries, params=00000000, Cleanup... Unloading MemMap driver