  1. kd> uf Kitrap00
  ; nt!Kei386EoiHelper / nt!KiExceptionExit: common trap-exit path (WinDbg `uf` output, 32-bit x86).
  ; ebp points at the trap frame built by the trap prologue (see nt!KiTrap00 in this listing).
  ; Frame offsets used here, derived from that prologue's push order:
  ;   +18h..+2Ch dr0,dr1,dr2,dr3,dr6,dr7   +30h gs   +34h es   +38h ds
  ;   +3Ch edx   +40h ecx   +44h eax       +4Ch saved fs:[0]   +50h fs
  ;   +54h edi   +58h esi   +5Ch ebx       +60h ebp            +64h error-code slot
  ;   +68h EIP   +6Ch CS    +70h EFLAGS    (the last three are pushed by the CPU)
  ; Flow: deliver pending user-mode APCs, restore fs:[0], reload debug registers when the
  ; per-processor flag asks for it, restore segment and general registers, then iretd.
  ; Every privilege decision below is taken from the saved CS/EFLAGS in the frame.
  ; NOTE(review): the [esp+N] accesses from +0x44 onward only line up with the frame if
  ; esp == ebp at that point; confirm against the callers.
  2. nt!Kei386EoiHelper:
  3. 8053dea8 fa cli  ; interrupts off while thread and frame state are examined
  4. 8053dea9 f7457000000200 test dword ptr [ebp+70h],20000h  ; saved EFLAGS bit 17 (VM): was the interrupted code in virtual-8086 mode?
  5. 8053deb0 7506 jne nt!KiExceptionExit+0x10 (8053deb8)  ; yes: handled like a user-mode frame, go check for APCs
  6.  
  7. nt!KiExceptionExit+0xa:
  8. 8053deb2 f6456c01 test byte ptr [ebp+6Ch],1  ; low bit of the saved CS selector (RPL bit 0)
  9. 8053deb6 7434 je nt!KiExceptionExit+0x44 (8053deec)  ; clear: frame came from ring 0, no user APC delivery
  10.  
  11. nt!KiExceptionExit+0x10:
  12. 8053deb8 8b1d24f1dfff mov ebx,dword ptr ds:[0FFDFF124h]  ; presumably the current-thread pointer in the per-processor block (TODO confirm)
  13. 8053debe c6432e00 mov byte ptr [ebx+2Eh],0  ; clears a byte at +2Eh of that structure (field name not visible here)
  14. 8053dec2 807b4a00 cmp byte ptr [ebx+4Ah],0  ; byte at +4Ah: presumably the "user APC pending" flag (TODO confirm)
  15. 8053dec6 7424 je nt!KiExceptionExit+0x44 (8053deec)  ; nothing pending
  16.  
  17. nt!KiExceptionExit+0x20:
  18. 8053dec8 8bdd mov ebx,ebp  ; keep the trap-frame pointer for the KiDeliverApc call
  19. 8053deca b901000000 mov ecx,1  ; argument in ecx: IRQL 1 (APC_LEVEL)
  20. 8053decf ff15f4764d80 call dword ptr [nt!_imp_KfRaiseIrql (804d76f4)]
  21. 8053ded5 50 push eax  ; save KfRaiseIrql's return value; it is handed to KfLowerIrql below
  22. 8053ded6 fb sti
  23. 8053ded7 53 push ebx  ; argument: trap frame
  24. 8053ded8 6a00 push 0
  25. 8053deda 6a01 push 1  ; argument: 1 (presumably UserMode)
  26. 8053dedc e84dfbfbff call nt!KiDeliverApc (804fda2e)
  27. 8053dee1 59 pop ecx  ; the value saved by push eax above
  28. 8053dee2 ff151c774d80 call dword ptr [nt!_imp_KfLowerIrql (804d771c)]
  29. 8053dee8 fa cli
  30. 8053dee9 ebcd jmp nt!KiExceptionExit+0x10 (8053deb8)  ; re-check: loop until no APC is pending
  31.  
  32. nt!KiExceptionExit+0x44:
  33. 8053deec 8b54244c mov edx,dword ptr [esp+4Ch]  ; fs:[0] value saved by the prologue
  34. 8053def0 648b1d50000000 mov ebx,dword ptr fs:[50h]  ; presumably the same per-processor debug flag KiTrap00 tests at ds:[0FFDFF050h]
  35. 8053def7 64891500000000 mov dword ptr fs:[0],edx  ; restore fs:[0]
  36. 8053defe f7c3ff000000 test ebx,0FFh
  37. 8053df04 754e jne nt!KiExceptionExit+0xac (8053df54)  ; flag set: consider reloading the debug registers
  38.  
  39. nt!KiExceptionExit+0x5e:
  40. 8053df06 f744247000000200 test dword ptr [esp+70h],20000h  ; VM flag in saved EFLAGS
  41. 8053df0e 0f85c0000000 jne nt!KiExceptionExit+0x12c (8053dfd4)  ; virtual-8086 exit path
  42.  
  43. nt!KiExceptionExit+0x6c:
  44. 8053df14 66f744246cf8ff test word ptr [esp+6Ch],0FFF8h  ; any index/TI bits set in the saved CS?
  45. 8053df1b 7477 je nt!KiExceptionExit+0xec (8053df94)  ; none: CS slot holds RPL bits only, take the path that rebuilds the iret frame
  46.  
  47. nt!KiExceptionExit+0x75:
  48. 8053df1d 8b54243c mov edx,dword ptr [esp+3Ch]  ; reload edx, ecx, eax from the frame
  49. 8053df21 8b4c2440 mov ecx,dword ptr [esp+40h]
  50. 8053df25 8b442444 mov eax,dword ptr [esp+44h]
  51. 8053df29 66837d6c08 cmp word ptr [ebp+6Ch],8  ; saved CS == 8?
  52. 8053df2e 740c je nt!KiExceptionExit+0x94 (8053df3c)  ; yes: gs/es/ds/fs are not reloaded from the frame
  53.  
  54. nt!KiExceptionExit+0x88:
  55. 8053df30 8d6530 lea esp,[ebp+30h]  ; esp -> saved gs
  56. 8053df33 0fa9 pop gs
  57. 8053df35 07 pop es
  58. 8053df36 1f pop ds
  59. 8053df37 8d6550 lea esp,[ebp+50h]  ; esp -> saved fs
  60. 8053df3a 0fa1 pop fs
  61.  
  62. nt!KiExceptionExit+0x94:
  63. 8053df3c 8d6554 lea esp,[ebp+54h]  ; esp -> saved edi
  64. 8053df3f 5f pop edi
  65. 8053df40 5e pop esi
  66. 8053df41 5b pop ebx
  67. 8053df42 5d pop ebp
  68. 8053df43 66817c24088000 cmp word ptr [esp+8],80h  ; esp is at the error-code slot, so [esp+8] is the saved CS
  69. 8053df4a 0f87a0000000 ja nt!KiExceptionExit+0x148 (8053dff0)  ; CS above 80h: run the extra stack check first
  70.  
  71. nt!KiExceptionExit+0xa8:
  72. 8053df50 83c404 add esp,4  ; discard the error-code slot
  73. 8053df53 cf iretd
  74.  
  75. nt!KiExceptionExit+0xac:
  76. 8053df54 f7457000000200 test dword ptr [ebp+70h],20000h  ; VM flag
  77. 8053df5b 7509 jne nt!KiExceptionExit+0xbe (8053df66)
  78.  
  79. nt!KiExceptionExit+0xb5:
  80. 8053df5d f7456c01000000 test dword ptr [ebp+6Ch],1  ; saved CS bit 0
  81. 8053df64 74a0 je nt!KiExceptionExit+0x5e (8053df06)  ; ring-0 frame: debug registers are left alone
  82.  
  83. nt!KiExceptionExit+0xbe:
  84. 8053df66 33db xor ebx,ebx
  85. 8053df68 8b7518 mov esi,dword ptr [ebp+18h]  ; frame dr0
  86. 8053df6b 8b7d1c mov edi,dword ptr [ebp+1Ch]  ; frame dr1
  87. 8053df6e 0f23fb mov dr7,ebx  ; dr7 = 0 first, so no breakpoint is armed while dr0-dr3 change
  88. 8053df71 0f23c6 mov dr0,esi
  89. 8053df74 8b5d20 mov ebx,dword ptr [ebp+20h]  ; frame dr2
  90. 8053df77 0f23cf mov dr1,edi
  91. 8053df7a 0f23d3 mov dr2,ebx
  92. 8053df7d 8b7524 mov esi,dword ptr [ebp+24h]  ; frame dr3
  93. 8053df80 8b7d28 mov edi,dword ptr [ebp+28h]  ; frame dr6
  94. 8053df83 8b5d2c mov ebx,dword ptr [ebp+2Ch]  ; frame dr7
  95. 8053df86 0f23de mov dr3,esi
  96. 8053df89 0f23f7 mov dr6,edi
  97. 8053df8c 0f23fb mov dr7,ebx  ; the frame's dr7 is written last
  98. 8053df8f e972ffffff jmp nt!KiExceptionExit+0x5e (8053df06)
  99.  
  100. nt!KiExceptionExit+0xec:
  101. 8053df94 8b5c2410 mov ebx,dword ptr [esp+10h]  ; value kept at frame+10h
  102. 8053df98 895c246c mov dword ptr [esp+6Ch],ebx  ; overwrite the CS slot with it
  103. 8053df9c 8b5c2414 mov ebx,dword ptr [esp+14h]  ; stack address kept at frame+14h
  104. 8053dfa0 83eb0c sub ebx,0Ch  ; room for three dwords: EIP, CS, EFLAGS
  105. 8053dfa3 895c2464 mov dword ptr [esp+64h],ebx  ; park the new stack pointer in the error-code slot
  106. 8053dfa7 8b742470 mov esi,dword ptr [esp+70h]  ; copy EFLAGS
  107. 8053dfab 897308 mov dword ptr [ebx+8],esi
  108. 8053dfae 8b74246c mov esi,dword ptr [esp+6Ch]  ; copy CS
  109. 8053dfb2 897304 mov dword ptr [ebx+4],esi
  110. 8053dfb5 8b742468 mov esi,dword ptr [esp+68h]  ; copy EIP
  111. 8053dfb9 8933 mov dword ptr [ebx],esi
  112. 8053dfbb 8b442444 mov eax,dword ptr [esp+44h]  ; reload eax, edx, ecx from the frame
  113. 8053dfbf 8b54243c mov edx,dword ptr [esp+3Ch]
  114. 8053dfc3 8b4c2440 mov ecx,dword ptr [esp+40h]
  115. 8053dfc7 83c454 add esp,54h  ; esp -> saved edi
  116. 8053dfca 5f pop edi
  117. 8053dfcb 5e pop esi
  118. 8053dfcc 5b pop ebx
  119. 8053dfcd 5d pop ebp
  120. 8053dfce 8b2424 mov esp,dword ptr [esp]  ; switch to the stack address parked in the error-code slot
  121. 8053dfd1 cf iretd  ; return through the three-dword frame built above
  122.  
  123. nt!KiExceptionExit+0x12c:
  124. 8053dfd4 83c43c add esp,3Ch  ; virtual-8086 exit: esp -> saved edx
  125. 8053dfd7 5a pop edx
  126. 8053dfd8 59 pop ecx
  127. 8053dfd9 58 pop eax
  128. 8053dfda 8d6554 lea esp,[ebp+54h]  ; skip the segment slots; this path does not pop gs/es/ds/fs
  129. 8053dfdd 5f pop edi
  130. 8053dfde 5e pop esi
  131. 8053dfdf 5b pop ebx
  132. 8053dfe0 5d pop ebp
  133. 8053dfe1 66817c24088000 cmp word ptr [esp+8],80h  ; saved CS, same check as at +0x94
  134. 8053dfe8 7706 ja nt!KiExceptionExit+0x148 (8053dff0)
  135.  
  136. nt!KiExceptionExit+0x142:
  137. 8053dfea 83c404 add esp,4  ; discard the error-code slot
  138. 8053dfed cf iretd
  139.  
  140. nt!KiExceptionExit+0x148:
  141. 8053dff0 66837c240200 cmp word ptr [esp+2],0  ; high word of the error-code slot
  142. 8053dff6 74f2 je nt!KiExceptionExit+0x142 (8053dfea)  ; zero: ordinary iretd
  143.  
  144. nt!KiExceptionExit+0x150:
  145. 8053dff8 66833c2400 cmp word ptr [esp],0  ; low word of the slot
  146. 8053dffd 75eb jne nt!KiExceptionExit+0x142 (8053dfea)  ; non-zero: ordinary iretd
  147.  
  148. nt!KiExceptionExit+0x157:
  149. 8053dfff c12c2410 shr dword ptr [esp],10h  ; move the slot's high word into the low word
  150. 8053e003 66c7442402f800 mov word ptr [esp+2],0F8h  ; slot now reads as a 16:16 pointer with selector 0F8h
  151. 8053e00a 660fb22424 lss sp,dword ptr [esp]  ; load ss:sp from that pointer
  152. 8053e00f 0fb7e4 movzx esp,sp  ; clear the upper half of esp
  153. 8053e012 cf iretd  ; NOTE(review): presumably the return path for a frame that used a 16-bit stack (confirm)
  154.  
  ; Three entry stubs (8053e013, 8053e01a, 8053e026) set ecx = 0, 1 or 2 and call
  ; nt!CommonDispatchException, whose entry 8053e034 appears below without a label of its own.
  ; Inputs as used by KiTrap00 in this listing: eax = exception code, ebx = faulting address,
  ; ecx = parameter count, edx/esi/edi = up to three parameters, ebp = trap frame.
  ; The routine builds a 50h-byte record on the stack (layout presumably EXCEPTION_RECORD),
  ; calls nt!KiDispatchException, then drops everything above the frame with mov esp,ebp and
  ; leaves through nt!Kei386EoiHelper. The return address pushed by the stub's call is never used.
  155. nt!KiExceptionExit+0x16b:
  156. 8053e013 33c9 xor ecx,ecx  ; stub 0: no parameters
  157. 8053e015 e81a000000 call nt!CommonDispatchException (8053e034)
  158. 8053e01a 33d2 xor edx,edx  ; stub 1: one parameter, edx forced to 0
  159. 8053e01c b901000000 mov ecx,1
  160. 8053e021 e80e000000 call nt!CommonDispatchException (8053e034)
  161. 8053e026 33d2 xor edx,edx  ; stub 2: two parameters, edx forced to 0
  162. 8053e028 b902000000 mov ecx,2
  163. 8053e02d e802000000 call nt!CommonDispatchException (8053e034)
  164. 8053e032 8bff mov edi,edi  ; two-byte filler before the routine entry
  165. 8053e034 83ec50 sub esp,50h  ; nt!CommonDispatchException entry: reserve the record
  166. 8053e037 890424 mov dword ptr [esp],eax  ; record+0 = code passed in eax
  167. 8053e03a 33c0 xor eax,eax
  168. 8053e03c 89442404 mov dword ptr [esp+4],eax  ; record+4 = 0
  169. 8053e040 89442408 mov dword ptr [esp+8],eax  ; record+8 = 0
  170. 8053e044 895c240c mov dword ptr [esp+0Ch],ebx  ; record+0Ch = address passed in ebx
  171. 8053e048 894c2410 mov dword ptr [esp+10h],ecx  ; record+10h = parameter count
  172. 8053e04c 83f900 cmp ecx,0
  173. 8053e04f 740c je nt!CommonDispatchException+0x29 (8053e05d)  ; no parameters to store
  174.  
  175. nt!CommonDispatchException+0x1d:
  176. 8053e051 8d5c2414 lea ebx,[esp+14h]  ; parameter array starts at record+14h
  177. 8053e055 8913 mov dword ptr [ebx],edx  ; all three slots are written whenever the count is non-zero
  178. 8053e057 897304 mov dword ptr [ebx+4],esi
  179. 8053e05a 897b08 mov dword ptr [ebx+8],edi
  180.  
  181. nt!CommonDispatchException+0x29:
  182. 8053e05d 8bcc mov ecx,esp  ; ecx = pointer to the record
  183. 8053e05f f7457000000200 test dword ptr [ebp+70h],20000h  ; VM flag in the frame's saved EFLAGS
  184. 8053e066 7407 je nt!CommonDispatchException+0x3b (8053e06f)
  185.  
  186. nt!CommonDispatchException+0x34:
  187. 8053e068 b8ffff0000 mov eax,0FFFFh  ; virtual-8086 frame: force bit 0 on, so the mode below is 1
  188. 8053e06d eb03 jmp nt!CommonDispatchException+0x3e (8053e072)
  189.  
  190. nt!CommonDispatchException+0x3b:
  191. 8053e06f 8b456c mov eax,dword ptr [ebp+6Ch]  ; otherwise take the saved CS
  192.  
  193. nt!CommonDispatchException+0x3e:
  194. 8053e072 83e001 and eax,1  ; mode argument = bit 0 of saved CS (0 for a ring-0 frame, 1 otherwise)
  195. 8053e075 6a01 push 1  ; last argument: 1 (presumably "first chance")
  196. 8053e077 50 push eax  ; mode computed above; comes from the frame, not from the faulting code's registers
  197. 8053e078 55 push ebp  ; trap frame
  198. 8053e079 6a00 push 0
  199. 8053e07b 51 push ecx  ; record pointer
  200. 8053e07c e8bde8fbff call nt!KiDispatchException (804fc93e)
  201. 8053e081 8be5 mov esp,ebp  ; discard the record and the stub's return address
  202. 8053e083 e920feffff jmp nt!Kei386EoiHelper (8053dea8)  ; common exit path
  203.  
  ; nt!Dr_kit0_a: debug-register side path of the KiTrap00 prologue, entered when the
  ; byte at ds:[0FFDFF050h] is non-zero. Ring-0 frames (VM clear and CS bit 0 clear) skip it.
  ; For other frames it saves dr0-dr3, dr6, dr7 into the trap frame at +18h..+2Ch, then loads
  ; six values from the structure that fs:[20h] points to (offsets 2F8h..30Ch).
  ; NOTE(review): those six values are presumably the kernel's own debug-register settings
  ; kept in the per-processor block; confirm against the structure layout.
  204. nt!Dr_kit0_a:
  205. 8053e0f0 f7457000000200 test dword ptr [ebp+70h],20000h  ; VM flag in saved EFLAGS
  206. 8053e0f7 750d jne nt!Dr_kit0_a+0x16 (8053e106)
  207.  
  208. nt!Dr_kit0_a+0x9:
  209. 8053e0f9 f7456c01000000 test dword ptr [ebp+6Ch],1  ; saved CS bit 0
  210. 8053e100 0f84fc000000 je nt!KiTrap00+0x66 (8053e202)  ; ring-0 frame: nothing to save, resume the handler
  211.  
  212. nt!Dr_kit0_a+0x16:
  213. 8053e106 0f21c3 mov ebx,dr0  ; read the live dr0-dr2
  214. 8053e109 0f21c9 mov ecx,dr1
  215. 8053e10c 0f21d7 mov edi,dr2
  216. 8053e10f 895d18 mov dword ptr [ebp+18h],ebx  ; frame+18h = dr0
  217. 8053e112 894d1c mov dword ptr [ebp+1Ch],ecx  ; frame+1Ch = dr1
  218. 8053e115 897d20 mov dword ptr [ebp+20h],edi  ; frame+20h = dr2
  219. 8053e118 0f21db mov ebx,dr3
  220. 8053e11b 0f21f1 mov ecx,dr6
  221. 8053e11e 0f21ff mov edi,dr7
  222. 8053e121 895d24 mov dword ptr [ebp+24h],ebx  ; frame+24h = dr3
  223. 8053e124 894d28 mov dword ptr [ebp+28h],ecx  ; frame+28h = dr6
  224. 8053e127 33db xor ebx,ebx
  225. 8053e129 897d2c mov dword ptr [ebp+2Ch],edi  ; frame+2Ch = dr7
  226. 8053e12c 0f23fb mov dr7,ebx  ; dr7 = 0 so no breakpoint is armed while dr0-dr3 are replaced
  227. 8053e12f 648b3d20000000 mov edi,dword ptr fs:[20h]  ; pointer held at fs:[20h]
  228. 8053e136 8b9ff8020000 mov ebx,dword ptr [edi+2F8h]
  229. 8053e13c 8b8ffc020000 mov ecx,dword ptr [edi+2FCh]
  230. 8053e142 0f23c3 mov dr0,ebx
  231. 8053e145 0f23c9 mov dr1,ecx
  232. 8053e148 8b9f00030000 mov ebx,dword ptr [edi+300h]
  233. 8053e14e 8b8f04030000 mov ecx,dword ptr [edi+304h]
  234. 8053e154 0f23d3 mov dr2,ebx
  235. 8053e157 0f23d9 mov dr3,ecx
  236. 8053e15a 8b9f08030000 mov ebx,dword ptr [edi+308h]
  237. 8053e160 8b8f0c030000 mov ecx,dword ptr [edi+30Ch]
  238. 8053e166 0f23f3 mov dr6,ebx
  239. 8053e169 0f23f9 mov dr7,ecx  ; dr7 written last
  240. 8053e16c e991000000 jmp nt!KiTrap00+0x66 (8053e202)  ; resume the handler
  241.  
  ; nt!V86_kit0_a: virtual-8086 side path of the KiTrap00 prologue (taken when the VM flag is set).
  ; Copies the low words of frame+7Ch..+88h into the frame's segment slots, overwriting what the
  ; prologue's push fs/ds/es/gs stored there.
  ; NOTE(review): +7Ch..+88h are presumably the ES, DS, FS, GS values the CPU pushes when
  ; interrupting virtual-8086 code; the pairing below matches that order, confirm.
  242. nt!V86_kit0_a:
  243. 8053e174 8b8584000000 mov eax,dword ptr [ebp+84h]
  244. 8053e17a 8b9d88000000 mov ebx,dword ptr [ebp+88h]
  245. 8053e180 8b4d7c mov ecx,dword ptr [ebp+7Ch]
  246. 8053e183 8b9580000000 mov edx,dword ptr [ebp+80h]
  247. 8053e189 66894550 mov word ptr [ebp+50h],ax  ; frame fs slot = low word of [ebp+84h]
  248. 8053e18d 66895d30 mov word ptr [ebp+30h],bx  ; frame gs slot = low word of [ebp+88h]
  249. 8053e191 66894d34 mov word ptr [ebp+34h],cx  ; frame es slot = low word of [ebp+7Ch]
  250. 8053e195 66895538 mov word ptr [ebp+38h],dx  ; frame ds slot = low word of [ebp+80h]
  251. 8053e199 eb43 jmp nt!KiTrap00+0x42 (8053e1de)  ; rejoin the prologue
  252.  
  ; nt!KiTrap00: divide-error trap handler (WinDbg `uf` output, 32-bit x86).
  ; Prologue: pushes a zero error-code slot, the callee-visible registers, fs, the current fs:[0]
  ; value and the volatile and segment registers, then reserves 30h more bytes and sets ebp = esp.
  ; Resulting frame offsets from ebp:
  ;   +30h gs  +34h es  +38h ds  +3Ch edx  +40h ecx  +44h eax  +48h (unused slot)  +4Ch fs:[0]
  ;   +50h fs  +54h edi +58h esi +5Ch ebx  +60h ebp  +64h error code
  ;   +68h EIP +6Ch CS  +70h EFLAGS   (pushed by the CPU before the handler runs)
  ; fs, ds and es are reloaded with fixed selectors (30h, 23h) before any memory access that
  ; relies on them, so the handler never runs with the interrupted code's segment values.
  ; Dispatch: ring-0 frames and user frames with CS == 1Bh raise an exception through the stub at
  ; KiExceptionExit+0x16b; virtual-8086 frames and other selectors go through
  ; Ki386VdmReflectException_A first.
  253. nt!KiTrap00:
  254. 8053e19c 6a00 push 0  ; error-code slot (frame+64h)
  255. 8053e19e 66c74424020000 mov word ptr [esp+2],0  ; zero the slot's high word, which the exit path tests at KiExceptionExit+0x148
  256. 8053e1a5 55 push ebp
  257. 8053e1a6 53 push ebx
  258. 8053e1a7 56 push esi
  259. 8053e1a8 57 push edi
  260. 8053e1a9 0fa0 push fs
  261. 8053e1ab bb30000000 mov ebx,30h
  262. 8053e1b0 668ee3 mov fs,bx  ; fs = selector 30h, used for the fs:[..] accesses in this listing
  263. 8053e1b3 648b1d00000000 mov ebx,dword ptr fs:[0]
  264. 8053e1ba 53 push ebx  ; save fs:[0]; the exit path writes it back
  265. 8053e1bb 83ec04 sub esp,4  ; frame+48h, not written here
  266. 8053e1be 50 push eax
  267. 8053e1bf 51 push ecx
  268. 8053e1c0 52 push edx
  269. 8053e1c1 1e push ds
  270. 8053e1c2 06 push es
  271. 8053e1c3 0fa8 push gs
  272. 8053e1c5 66b82300 mov ax,23h
  273. 8053e1c9 83ec30 sub esp,30h  ; frame+0..+2Fh: debug-info and debug-register slots
  274. 8053e1cc 668ed8 mov ds,ax  ; ds = es = selector 23h; interrupted values were saved above
  275. 8053e1cf 668ec0 mov es,ax
  276. 8053e1d2 8bec mov ebp,esp  ; ebp = trap frame base
  277. 8053e1d4 f744247000000200 test dword ptr [esp+70h],20000h  ; saved EFLAGS bit 17 (VM)
  278. 8053e1dc 7596 jne nt!V86_kit0_a (8053e174)  ; virtual-8086 frame: fix up the segment slots first
  279.  
  280. nt!KiTrap00+0x42:
  281. 8053e1de fc cld  ; direction flag cleared for the handler's own code
  282. 8053e1df 8b5d60 mov ebx,dword ptr [ebp+60h]  ; interrupted ebp
  283. 8053e1e2 8b7d68 mov edi,dword ptr [ebp+68h]  ; interrupted EIP
  284. 8053e1e5 89550c mov dword ptr [ebp+0Ch],edx
  285. 8053e1e8 c74508000ddbba mov dword ptr [ebp+8],0BADB0D00h  ; fixed marker constant; presumably lets a debugger recognise the frame
  286. 8053e1ef 895d00 mov dword ptr [ebp],ebx  ; frame+0 / +4 = interrupted ebp / EIP, shaped like a stack-frame link
  287. 8053e1f2 897d04 mov dword ptr [ebp+4],edi
  288. 8053e1f5 f60550f0dfffff test byte ptr ds:[0FFDFF050h],0FFh  ; per-processor flag; presumably "debug registers active"
  289. 8053e1fc 0f85eefeffff jne nt!Dr_kit0_a (8053e0f0)  ; set: save and swap the debug registers
  290.  
  291. nt!KiTrap00+0x66:
  292. 8053e202 f7457000000200 test dword ptr [ebp+70h],20000h  ; VM flag
  293. 8053e209 753c jne nt!KiTrap00+0xab (8053e247)  ; virtual-8086 frame: try to reflect the fault
  294.  
  295. nt!KiTrap00+0x6f:
  296. 8053e20b f6456c01 test byte ptr [ebp+6Ch],1  ; saved CS bit 0
  297. 8053e20f 7407 je nt!KiTrap00+0x7c (8053e218)  ; ring-0 frame
  298.  
  299. nt!KiTrap00+0x75:
  300. 8053e211 66837d6c1b cmp word ptr [ebp+6Ch],1Bh  ; non-ring-0 frame: is CS the selector 1Bh?
  301. 8053e216 751d jne nt!KiTrap00+0x99 (8053e235)  ; any other selector gets the extra check at +0x99
  302.  
  303. nt!KiTrap00+0x7c:
  304. 8053e218 fb sti
  305. 8053e219 55 push ebp  ; argument: trap frame
  306. 8053e21a e8b5970500 call nt!Ki386CheckDivideByZeroTrap (805979d4)  ; eax on return is used as the exception code by the stub
  307. 8053e21f 8b5d68 mov ebx,dword ptr [ebp+68h]  ; ebx = faulting EIP
  308. 8053e222 e9ecfdffff jmp nt!KiExceptionExit+0x16b (8053e013)  ; dispatch with no parameters
  309.  
  310. nt!KiTrap00+0x8b:
  311. 8053e227 fb sti
  312. 8053e228 8b5d68 mov ebx,dword ptr [ebp+68h]  ; ebx = faulting EIP
  313. 8053e22b b8940000c0 mov eax,0C0000094h  ; STATUS_INTEGER_DIVIDE_BY_ZERO
  314. 8053e230 e9defdffff jmp nt!KiExceptionExit+0x16b (8053e013)  ; dispatch with no parameters
  315.  
  316. nt!KiTrap00+0x99:
  317. 8053e235 8b1d24f1dfff mov ebx,dword ptr ds:[0FFDFF124h]  ; presumably the current-thread pointer (TODO confirm)
  318. 8053e23b 8b5b44 mov ebx,dword ptr [ebx+44h]  ; presumably its owning process (TODO confirm)
  319. 8053e23e 83bb5801000000 cmp dword ptr [ebx+158h],0  ; pointer at +158h; presumably the process's VDM state
  320. 8053e245 74e0 je nt!KiTrap00+0x8b (8053e227)  ; null: raise the divide-by-zero status directly
  321.  
  322. nt!KiTrap00+0xab:
  323. 8053e247 6a00 push 0
  324. 8053e249 e83e2c0000 call nt!Ki386VdmReflectException_A (80540e8c)
  325. 8053e24e 0ac0 or al,al  ; al == 0: the call did not take the fault
  326. 8053e250 74d5 je nt!KiTrap00+0x8b (8053e227)  ; fall back to raising the status
  327.  
  328. nt!KiTrap00+0xb6:
  329. 8053e252 e951fcffff jmp nt!Kei386EoiHelper (8053dea8)  ; fault was taken by the call above: plain trap exit