Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <instrumentationManifest xmlns="http://schemas.microsoft.com/win/2004/08/events">
- <instrumentation xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events">
- <events>
- <provider name="Microsoft-Windows-Threat-Intelligence" guid="{f4e1897c-bb5d-5668-f1d8-040f4d8dd344}" resourceFileName="Microsoft-Windows-Threat-Intelligence" messageFileName="Microsoft-Windows-Threat-Intelligence" symbol="MicrosoftWindowsThreatIntelligence" source="Xml" >
- <keywords>
- <keyword name="KERNEL_THREATINT_KEYWORD_ALLOCVM" message="$(string.keyword_KERNEL_THREATINT_KEYWORD_ALLOCVM)" mask="0x10"/>
- <keyword name="KERNEL_THREATINT_KEYWORD_PROTECTVM" message="$(string.keyword_KERNEL_THREATINT_KEYWORD_PROTECTVM)" mask="0x20"/>
- <keyword name="KERNEL_THREATINT_KEYWORD_MAPVIEW" message="$(string.keyword_KERNEL_THREATINT_KEYWORD_MAPVIEW)" mask="0x40"/>
- <keyword name="KERNEL_THREATINT_KEYWORD_QUEUEUSERAPC" message="$(string.keyword_KERNEL_THREATINT_KEYWORD_QUEUEUSERAPC)" mask="0x80"/>
- <keyword name="KERNEL_THREATINT_KEYWORD_SETTHREADCONTEXT" message="$(string.keyword_KERNEL_THREATINT_KEYWORD_SETTHREADCONTEXT)" mask="0x100"/>
- <keyword name="KERNEL_THREATINT_KEYWORD_LOCAL_CALLS" message="$(string.keyword_KERNEL_THREATINT_KEYWORD_LOCAL_CALLS)" mask="0x200"/>
- <keyword name="KERNEL_THREATINT_KEYWORD_CONTEXT_PARSE" message="$(string.keyword_KERNEL_THREATINT_KEYWORD_CONTEXT_PARSE)" mask="0x400"/>
- <keyword name="KERNEL_THREATINT_KEYWORD_EXECUTION_ADDRESS_VAD_PROBE" message="$(string.keyword_KERNEL_THREATINT_KEYWORD_EXECUTION_ADDRESS_VAD_PROBE)" mask="0x800"/>
- <keyword name="KERNEL_THREATINT_KEYWORD_EXECUTION_ADDRESS_MMF_NAME_PROBE" message="$(string.keyword_KERNEL_THREATINT_KEYWORD_EXECUTION_ADDRESS_MMF_NAME_PROBE)" mask="0x1000"/>
- <keyword name="KERNEL_THREATINT_KEYWORD_READVM" message="$(string.keyword_KERNEL_THREATINT_KEYWORD_READVM)" mask="0x2000"/>
- <keyword name="KERNEL_THREATINT_KEYWORD_WRITEVM" message="$(string.keyword_KERNEL_THREATINT_KEYWORD_WRITEVM)" mask="0x4000"/>
- <keyword name="KERNEL_THREATINT_KEYWORD_READWRITEVM_NO_SIGNATURE_RESTRICTION" message="$(string.keyword_KERNEL_THREATINT_KEYWORD_READWRITEVM_NO_SIGNATURE_RESTRICTION)" mask="0x8000"/>
- </keywords>
- <tasks>
- <task name="KERNEL_THREATINT_TASK_ALLOCVM_REMOTE" message="$(string.task_KERNEL_THREATINT_TASK_ALLOCVM_REMOTE)" value="1"/>
- <task name="KERNEL_THREATINT_TASK_PROTECTVM_REMOTE" message="$(string.task_KERNEL_THREATINT_TASK_PROTECTVM_REMOTE)" value="2"/>
- <task name="KERNEL_THREATINT_TASK_MAPVIEW_REMOTE" message="$(string.task_KERNEL_THREATINT_TASK_MAPVIEW_REMOTE)" value="3"/>
- <task name="KERNEL_THREATINT_TASK_QUEUEUSERAPC_REMOTE" message="$(string.task_KERNEL_THREATINT_TASK_QUEUEUSERAPC_REMOTE)" value="4"/>
- <task name="KERNEL_THREATINT_TASK_SETTHREADCONTEXT_REMOTE" message="$(string.task_KERNEL_THREATINT_TASK_SETTHREADCONTEXT_REMOTE)" value="5"/>
- <task name="KERNEL_THREATINT_TASK_ALLOCVM_LOCAL" message="$(string.task_KERNEL_THREATINT_TASK_ALLOCVM_LOCAL)" value="6"/>
- <task name="KERNEL_THREATINT_TASK_PROTECTVM_LOCAL" message="$(string.task_KERNEL_THREATINT_TASK_PROTECTVM_LOCAL)" value="7"/>
- <task name="KERNEL_THREATINT_TASK_MAPVIEW_LOCAL" message="$(string.task_KERNEL_THREATINT_TASK_MAPVIEW_LOCAL)" value="8"/>
- <task name="KERNEL_THREATINT_TASK_QUEUEUSERAPC_LOCAL" message="$(string.task_KERNEL_THREATINT_TASK_QUEUEUSERAPC_LOCAL)" value="9"/>
- <task name="KERNEL_THREATINT_TASK_SETTHREADCONTEXT_LOCAL" message="$(string.task_KERNEL_THREATINT_TASK_SETTHREADCONTEXT_LOCAL)" value="10"/>
- <task name="KERNEL_THREATINT_TASK_READVM_LOCAL" message="$(string.task_KERNEL_THREATINT_TASK_READVM_LOCAL)" value="11"/>
- <task name="KERNEL_THREATINT_TASK_WRITEVM_LOCAL" message="$(string.task_KERNEL_THREATINT_TASK_WRITEVM_LOCAL)" value="12"/>
- <task name="KERNEL_THREATINT_TASK_READVM_REMOTE" message="$(string.task_KERNEL_THREATINT_TASK_READVM_REMOTE)" value="13"/>
- <task name="KERNEL_THREATINT_TASK_WRITEVM_REMOTE" message="$(string.task_KERNEL_THREATINT_TASK_WRITEVM_REMOTE)" value="14"/>
- </tasks>
- <events>
- <event value="1" symbol="KERNEL_THREATINT_TASK_ALLOCVM_REMOTE" version="0" task="KERNEL_THREATINT_TASK_ALLOCVM_REMOTE" level="win:Always" template="KERNEL_THREATINT_TASK_ALLOCVM_REMOTEArgs"/>
- <event value="2" symbol="KERNEL_THREATINT_TASK_PROTECTVM_REMOTE" version="0" task="KERNEL_THREATINT_TASK_PROTECTVM_REMOTE" level="win:Always" template="KERNEL_THREATINT_TASK_PROTECTVM_REMOTEArgs"/>
- <event value="3" symbol="KERNEL_THREATINT_TASK_MAPVIEW_REMOTE" version="0" task="KERNEL_THREATINT_TASK_MAPVIEW_REMOTE" level="win:Always" template="KERNEL_THREATINT_TASK_MAPVIEW_REMOTEArgs"/>
- <event value="4" symbol="KERNEL_THREATINT_TASK_QUEUEUSERAPC_REMOTE" version="0" task="KERNEL_THREATINT_TASK_QUEUEUSERAPC_REMOTE" level="win:Always" template="KERNEL_THREATINT_TASK_QUEUEUSERAPC_REMOTEArgs"/>
- <event value="5" symbol="KERNEL_THREATINT_TASK_SETTHREADCONTEXT_REMOTE" version="0" task="KERNEL_THREATINT_TASK_SETTHREADCONTEXT_REMOTE" level="win:Always" template="KERNEL_THREATINT_TASK_SETTHREADCONTEXT_REMOTEArgs"/>
- <event value="6" symbol="KERNEL_THREATINT_TASK_ALLOCVM_LOCAL" version="0" task="KERNEL_THREATINT_TASK_ALLOCVM_LOCAL" level="win:Always" template="KERNEL_THREATINT_TASK_ALLOCVM_REMOTEArgs"/>
- <event value="7" symbol="KERNEL_THREATINT_TASK_PROTECTVM_LOCAL" version="0" task="KERNEL_THREATINT_TASK_PROTECTVM_LOCAL" level="win:Always" template="KERNEL_THREATINT_TASK_PROTECTVM_REMOTEArgs"/>
- <event value="8" symbol="KERNEL_THREATINT_TASK_MAPVIEW_LOCAL" version="0" task="KERNEL_THREATINT_TASK_MAPVIEW_LOCAL" level="win:Always" template="KERNEL_THREATINT_TASK_MAPVIEW_REMOTEArgs"/>
- <event value="9" symbol="KERNEL_THREATINT_TASK_QUEUEUSERAPC_LOCAL" version="0" task="KERNEL_THREATINT_TASK_QUEUEUSERAPC_LOCAL" level="win:Always" template="KERNEL_THREATINT_TASK_QUEUEUSERAPC_REMOTEArgs"/>
- <event value="10" symbol="KERNEL_THREATINT_TASK_SETTHREADCONTEXT_LOCAL" version="0" task="KERNEL_THREATINT_TASK_SETTHREADCONTEXT_LOCAL" level="win:Always" template="KERNEL_THREATINT_TASK_SETTHREADCONTEXT_REMOTEArgs"/>
- <event value="11" symbol="KERNEL_THREATINT_TASK_READVM_LOCAL" version="0" task="KERNEL_THREATINT_TASK_READVM_LOCAL" level="win:Always" template="KERNEL_THREATINT_TASK_READVM_LOCALArgs"/>
- <event value="12" symbol="KERNEL_THREATINT_TASK_WRITEVM_LOCAL" version="0" task="KERNEL_THREATINT_TASK_WRITEVM_LOCAL" level="win:Always" template="KERNEL_THREATINT_TASK_READVM_LOCALArgs"/>
- <event value="13" symbol="KERNEL_THREATINT_TASK_READVM_REMOTE" version="0" task="KERNEL_THREATINT_TASK_READVM_REMOTE" level="win:Always" template="KERNEL_THREATINT_TASK_READVM_LOCALArgs"/>
- <event value="14" symbol="KERNEL_THREATINT_TASK_WRITEVM_REMOTE" version="0" task="KERNEL_THREATINT_TASK_WRITEVM_REMOTE" level="win:Always" template="KERNEL_THREATINT_TASK_READVM_LOCALArgs"/>
- </events>
- <templates>
- <template tid="KERNEL_THREATINT_TASK_ALLOCVM_REMOTEArgs">
- <data name="CallingProcessId" inType="win:UInt32"/>
- <data name="CallingProcessCreateTime" inType="win:FILETIME"/>
- <data name="CallingProcessStartKey" inType="win:UInt64"/>
- <data name="CallingProcessSignatureLevel" inType="win:UInt8"/>
- <data name="CallingProcessSectionSignatureLevel" inType="win:UInt8"/>
- <data name="CallingProcessProtection" inType="win:UInt8"/>
- <data name="CallingThreadId" inType="win:UInt32"/>
- <data name="CallingThreadCreateTime" inType="win:FILETIME"/>
- <data name="TargetProcessId" inType="win:UInt32"/>
- <data name="TargetProcessCreateTime" inType="win:FILETIME"/>
- <data name="TargetProcessStartKey" inType="win:UInt64"/>
- <data name="TargetProcessSignatureLevel" inType="win:UInt8"/>
- <data name="TargetProcessSectionSignatureLevel" inType="win:UInt8"/>
- <data name="TargetProcessProtection" inType="win:UInt8"/>
- <data name="BaseAddress" inType="win:Pointer"/>
- <data name="RegionSize" inType="win:Pointer"/>
- <data name="AllocationType" inType="win:UInt32"/>
- <data name="ProtectionMask" inType="win:UInt32"/>
- </template>
- <template tid="KERNEL_THREATINT_TASK_PROTECTVM_REMOTEArgs">
- <data name="CallingProcessId" inType="win:UInt32"/>
- <data name="CallingProcessCreateTime" inType="win:FILETIME"/>
- <data name="CallingProcessStartKey" inType="win:UInt64"/>
- <data name="CallingProcessSignatureLevel" inType="win:UInt8"/>
- <data name="CallingProcessSectionSignatureLevel" inType="win:UInt8"/>
- <data name="CallingProcessProtection" inType="win:UInt8"/>
- <data name="CallingThreadId" inType="win:UInt32"/>
- <data name="CallingThreadCreateTime" inType="win:FILETIME"/>
- <data name="TargetProcessId" inType="win:UInt32"/>
- <data name="TargetProcessCreateTime" inType="win:FILETIME"/>
- <data name="TargetProcessStartKey" inType="win:UInt64"/>
- <data name="TargetProcessSignatureLevel" inType="win:UInt8"/>
- <data name="TargetProcessSectionSignatureLevel" inType="win:UInt8"/>
- <data name="TargetProcessProtection" inType="win:UInt8"/>
- <data name="BaseAddress" inType="win:Pointer"/>
- <data name="RegionSize" inType="win:Pointer"/>
- <data name="ProtectionMask" inType="win:UInt32"/>
- <data name="LastProtectionMask" inType="win:UInt32"/>
- </template>
- <template tid="KERNEL_THREATINT_TASK_MAPVIEW_REMOTEArgs">
- <data name="CallingProcessId" inType="win:UInt32"/>
- <data name="CallingProcessCreateTime" inType="win:FILETIME"/>
- <data name="CallingProcessStartKey" inType="win:UInt64"/>
- <data name="CallingProcessSignatureLevel" inType="win:UInt8"/>
- <data name="CallingProcessSectionSignatureLevel" inType="win:UInt8"/>
- <data name="CallingProcessProtection" inType="win:UInt8"/>
- <data name="CallingThreadId" inType="win:UInt32"/>
- <data name="CallingThreadCreateTime" inType="win:FILETIME"/>
- <data name="TargetProcessId" inType="win:UInt32"/>
- <data name="TargetProcessCreateTime" inType="win:FILETIME"/>
- <data name="TargetProcessStartKey" inType="win:UInt64"/>
- <data name="TargetProcessSignatureLevel" inType="win:UInt8"/>
- <data name="TargetProcessSectionSignatureLevel" inType="win:UInt8"/>
- <data name="TargetProcessProtection" inType="win:UInt8"/>
- <data name="BaseAddress" inType="win:Pointer"/>
- <data name="ViewSize" inType="win:Pointer"/>
- <data name="AllocationType" inType="win:UInt32"/>
- <data name="ProtectionMask" inType="win:UInt32"/>
- </template>
- <template tid="KERNEL_THREATINT_TASK_QUEUEUSERAPC_REMOTEArgs">
- <data name="OperationStatus" inType="win:UInt32"/>
- <data name="CallingProcessId" inType="win:UInt32"/>
- <data name="CallingProcessCreateTime" inType="win:FILETIME"/>
- <data name="CallingProcessStartKey" inType="win:UInt64"/>
- <data name="CallingProcessSignatureLevel" inType="win:UInt8"/>
- <data name="CallingProcessSectionSignatureLevel" inType="win:UInt8"/>
- <data name="CallingProcessProtection" inType="win:UInt8"/>
- <data name="CallingThreadId" inType="win:UInt32"/>
- <data name="CallingThreadCreateTime" inType="win:FILETIME"/>
- <data name="TargetProcessId" inType="win:UInt32"/>
- <data name="TargetProcessCreateTime" inType="win:FILETIME"/>
- <data name="TargetProcessStartKey" inType="win:UInt64"/>
- <data name="TargetProcessSignatureLevel" inType="win:UInt8"/>
- <data name="TargetProcessSectionSignatureLevel" inType="win:UInt8"/>
- <data name="TargetProcessProtection" inType="win:UInt8"/>
- <data name="TargetThreadId" inType="win:UInt32"/>
- <data name="TargetThreadCreateTime" inType="win:FILETIME"/>
- <data name="ApcRoutine" inType="win:Pointer"/>
- <data name="ApcArgument1" inType="win:Pointer"/>
- <data name="ApcArgument2" inType="win:Pointer"/>
- <data name="ApcArgument3" inType="win:Pointer"/>
- <data name="ApcRoutineVadQueryResult" inType="win:UInt32"/>
- <data name="ApcRoutineVadAllocationBase" inType="win:Pointer"/>
- <data name="ApcRoutineVadAllocationProtect" inType="win:UInt32"/>
- <data name="ApcRoutineVadRegionType" inType="win:UInt32"/>
- <data name="ApcRoutineVadRegionSize" inType="win:Pointer"/>
- <data name="ApcRoutineVadCommitSize" inType="win:Pointer"/>
- <data name="ApcRoutineVadMmfName" inType="win:UnicodeString"/>
- <data name="ApcArgument1VadQueryResult" inType="win:UInt32"/>
- <data name="ApcArgument1VadAllocationBase" inType="win:Pointer"/>
- <data name="ApcArgument1VadAllocationProtect" inType="win:UInt32"/>
- <data name="ApcArgument1VadRegionType" inType="win:UInt32"/>
- <data name="ApcArgument1VadRegionSize" inType="win:Pointer"/>
- <data name="ApcArgument1VadCommitSize" inType="win:Pointer"/>
- <data name="ApcArgument1VadMmfName" inType="win:UnicodeString"/>
- </template>
- <template tid="KERNEL_THREATINT_TASK_SETTHREADCONTEXT_REMOTEArgs">
- <data name="OperationStatus" inType="win:UInt32"/>
- <data name="CallingProcessId" inType="win:UInt32"/>
- <data name="CallingProcessCreateTime" inType="win:FILETIME"/>
- <data name="CallingProcessStartKey" inType="win:UInt64"/>
- <data name="CallingProcessSignatureLevel" inType="win:UInt8"/>
- <data name="CallingProcessSectionSignatureLevel" inType="win:UInt8"/>
- <data name="CallingProcessProtection" inType="win:UInt8"/>
- <data name="CallingThreadId" inType="win:UInt32"/>
- <data name="CallingThreadCreateTime" inType="win:FILETIME"/>
- <data name="TargetProcessId" inType="win:UInt32"/>
- <data name="TargetProcessCreateTime" inType="win:FILETIME"/>
- <data name="TargetProcessStartKey" inType="win:UInt64"/>
- <data name="TargetProcessSignatureLevel" inType="win:UInt8"/>
- <data name="TargetProcessSectionSignatureLevel" inType="win:UInt8"/>
- <data name="TargetProcessProtection" inType="win:UInt8"/>
- <data name="TargetThreadId" inType="win:UInt32"/>
- <data name="TargetThreadCreateTime" inType="win:FILETIME"/>
- <data name="ContextMask" inType="win:UInt16"/>
- <data name="Pc" inType="win:Pointer"/>
- <data name="Sp" inType="win:Pointer"/>
- <data name="Lr" inType="win:Pointer"/>
- <data name="Fp" inType="win:Pointer"/>
- <data name="Reg0" inType="win:Pointer"/>
- <data name="Reg1" inType="win:Pointer"/>
- <data name="Reg2" inType="win:Pointer"/>
- <data name="Reg3" inType="win:Pointer"/>
- <data name="Reg4" inType="win:Pointer"/>
- <data name="Reg5" inType="win:Pointer"/>
- <data name="Reg6" inType="win:Pointer"/>
- <data name="Reg7" inType="win:Pointer"/>
- <data name="PcVadQueryResult" inType="win:UInt32"/>
- <data name="PcVadAllocationBase" inType="win:Pointer"/>
- <data name="PcVadAllocationProtect" inType="win:UInt32"/>
- <data name="PcVadRegionType" inType="win:UInt32"/>
- <data name="PcVadRegionSize" inType="win:Pointer"/>
- <data name="PcVadCommitSize" inType="win:Pointer"/>
- <data name="PcVadMmfName" inType="win:UnicodeString"/>
- </template>
- <template tid="KERNEL_THREATINT_TASK_READVM_LOCALArgs">
- <data name="OperationStatus" inType="win:UInt32"/>
- <data name="CallingProcessId" inType="win:UInt32"/>
- <data name="CallingProcessCreateTime" inType="win:FILETIME"/>
- <data name="CallingProcessStartKey" inType="win:UInt64"/>
- <data name="CallingProcessSignatureLevel" inType="win:UInt8"/>
- <data name="CallingProcessSectionSignatureLevel" inType="win:UInt8"/>
- <data name="CallingProcessProtection" inType="win:UInt8"/>
- <data name="CallingThreadId" inType="win:UInt32"/>
- <data name="CallingThreadCreateTime" inType="win:FILETIME"/>
- <data name="TargetProcessId" inType="win:UInt32"/>
- <data name="TargetProcessCreateTime" inType="win:FILETIME"/>
- <data name="TargetProcessStartKey" inType="win:UInt64"/>
- <data name="TargetProcessSignatureLevel" inType="win:UInt8"/>
- <data name="TargetProcessSectionSignatureLevel" inType="win:UInt8"/>
- <data name="TargetProcessProtection" inType="win:UInt8"/>
- <data name="BaseAddress" inType="win:Pointer"/>
- <data name="BytesCopied" inType="win:Pointer"/>
- </template>
- </templates>
- </provider>
- </events>
- </instrumentation>
- <localization>
- <resources culture="en-US">
- <stringTable>
- <string id="keyword_KERNEL_THREATINT_KEYWORD_ALLOCVM" value="KERNEL_THREATINT_KEYWORD_ALLOCVM"/>
- <string id="keyword_KERNEL_THREATINT_KEYWORD_PROTECTVM" value="KERNEL_THREATINT_KEYWORD_PROTECTVM"/>
- <string id="keyword_KERNEL_THREATINT_KEYWORD_MAPVIEW" value="KERNEL_THREATINT_KEYWORD_MAPVIEW"/>
- <string id="keyword_KERNEL_THREATINT_KEYWORD_QUEUEUSERAPC" value="KERNEL_THREATINT_KEYWORD_QUEUEUSERAPC"/>
- <string id="keyword_KERNEL_THREATINT_KEYWORD_SETTHREADCONTEXT" value="KERNEL_THREATINT_KEYWORD_SETTHREADCONTEXT"/>
- <string id="keyword_KERNEL_THREATINT_KEYWORD_LOCAL_CALLS" value="KERNEL_THREATINT_KEYWORD_LOCAL_CALLS"/>
- <string id="keyword_KERNEL_THREATINT_KEYWORD_CONTEXT_PARSE" value="KERNEL_THREATINT_KEYWORD_CONTEXT_PARSE"/>
- <string id="keyword_KERNEL_THREATINT_KEYWORD_EXECUTION_ADDRESS_VAD_PROBE" value="KERNEL_THREATINT_KEYWORD_EXECUTION_ADDRESS_VAD_PROBE"/>
- <string id="keyword_KERNEL_THREATINT_KEYWORD_EXECUTION_ADDRESS_MMF_NAME_PROBE" value="KERNEL_THREATINT_KEYWORD_EXECUTION_ADDRESS_MMF_NAME_PROBE"/>
- <string id="keyword_KERNEL_THREATINT_KEYWORD_READVM" value="KERNEL_THREATINT_KEYWORD_READVM"/>
- <string id="keyword_KERNEL_THREATINT_KEYWORD_WRITEVM" value="KERNEL_THREATINT_KEYWORD_WRITEVM"/>
- <string id="keyword_KERNEL_THREATINT_KEYWORD_READWRITEVM_NO_SIGNATURE_RESTRICTION" value="KERNEL_THREATINT_KEYWORD_READWRITEVM_NO_SIGNATURE_RESTRICTION"/>
- <string id="task_KERNEL_THREATINT_TASK_ALLOCVM_REMOTE" value="KERNEL_THREATINT_TASK_ALLOCVM_REMOTE"/>
- <string id="task_KERNEL_THREATINT_TASK_PROTECTVM_REMOTE" value="KERNEL_THREATINT_TASK_PROTECTVM_REMOTE"/>
- <string id="task_KERNEL_THREATINT_TASK_MAPVIEW_REMOTE" value="KERNEL_THREATINT_TASK_MAPVIEW_REMOTE"/>
- <string id="task_KERNEL_THREATINT_TASK_QUEUEUSERAPC_REMOTE" value="KERNEL_THREATINT_TASK_QUEUEUSERAPC_REMOTE"/>
- <string id="task_KERNEL_THREATINT_TASK_SETTHREADCONTEXT_REMOTE" value="KERNEL_THREATINT_TASK_SETTHREADCONTEXT_REMOTE"/>
- <string id="task_KERNEL_THREATINT_TASK_ALLOCVM_LOCAL" value="KERNEL_THREATINT_TASK_ALLOCVM_LOCAL"/>
- <string id="task_KERNEL_THREATINT_TASK_PROTECTVM_LOCAL" value="KERNEL_THREATINT_TASK_PROTECTVM_LOCAL"/>
- <string id="task_KERNEL_THREATINT_TASK_MAPVIEW_LOCAL" value="KERNEL_THREATINT_TASK_MAPVIEW_LOCAL"/>
- <string id="task_KERNEL_THREATINT_TASK_QUEUEUSERAPC_LOCAL" value="KERNEL_THREATINT_TASK_QUEUEUSERAPC_LOCAL"/>
- <string id="task_KERNEL_THREATINT_TASK_SETTHREADCONTEXT_LOCAL" value="KERNEL_THREATINT_TASK_SETTHREADCONTEXT_LOCAL"/>
- <string id="task_KERNEL_THREATINT_TASK_READVM_LOCAL" value="KERNEL_THREATINT_TASK_READVM_LOCAL"/>
- <string id="task_KERNEL_THREATINT_TASK_WRITEVM_LOCAL" value="KERNEL_THREATINT_TASK_WRITEVM_LOCAL"/>
- <string id="task_KERNEL_THREATINT_TASK_READVM_REMOTE" value="KERNEL_THREATINT_TASK_READVM_REMOTE"/>
- <string id="task_KERNEL_THREATINT_TASK_WRITEVM_REMOTE" value="KERNEL_THREATINT_TASK_WRITEVM_REMOTE"/>
- </stringTable>
- </resources>
- </localization>
- </instrumentationManifest>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement