Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 0: kd> .imgscan
- MZ at ffffdebb`7f400000, prot 00000040, type 01000000 - size 390000
- Name: win32kfull.sys
- MZ at ffffdebb`7f790000, prot 00000040, type 01000000 - size 234000
- Name: win32kbase.sys
- MZ at ffffdebb`7fad0000, prot 00000040, type 01000000 - size 3f000
- Name: cdd.dll
- MZ at ffffdebb`7fe00000, prot 00000040, type 01000000 - size 7c000
- Name: WIN32K.SYS
- MZ at fffff800`0d412000, prot 00000040, type 01000000 - size 961000
- Name: ntoskrnl.exe
- MZ at fffff800`0dd73000, prot 00000040, type 01000000 - size 8c000
- Name: HAL.dll
- MZ at fffff800`0e000000, prot 00000040, type 01000000 - size b000
- Name: KD.dll
- MZ at fffff800`32800000, prot 00000040, type 01000000 - size 60000
- Name: msrpc.sys
- MZ at fffff800`32860000, prot 00000040, type 01000000 - size 2a000
- Name: ksecdd.sys
- MZ at fffff800`32890000, prot 00000040, type 01000000 - size 11000
- Name: WerLiveKernelApi.dll
- MZ at fffff800`328b0000, prot 00000040, type 01000000 - size 64000
- Name: CLFS.SYS
- MZ at fffff800`32920000, prot 00000040, type 01000000 - size 24000
- Name: ntostmhost.dll
- MZ at fffff800`32950000, prot 00000040, type 01000000 - size 17000
- Name: PSHED.dll
- MZ at fffff800`32970000, prot 00000040, type 01000000 - size b000
- Name: BOOTVID.dll
- MZ at fffff800`32980000, prot 00000040, type 01000000 - size 69000
- Name: FLTMGR.SYS
- MZ at fffff800`32b00000, prot 00000040, type 01000000 - size e000
- Name: cmimcext.dll
- MZ at fffff800`32b10000, prot 00000040, type 01000000 - size c000
- Name: ntosext.dll
- MZ at fffff800`32b20000, prot 00000040, type 01000000 - size b5000
- Name: CI.dll
- MZ at fffff800`32c90000, prot 00000040, type 01000000 - size 159000
- Name: mcupdate_GenuineIntel.exe
- MZ at fffff800`32e00000, prot 00000040, type 01000000 - size e4000
- Name: Wdf01000.exe
- MZ at fffff800`32ef0000, prot 00000040, type 01000000 - size 13000
- Name: WDFLDR.SYS
- MZ at fffff800`32f10000, prot 00000040, type 01000000 - size e000
- Name: WppRecorder.sys
- MZ at fffff800`32f20000, prot 00000040, type 01000000 - size f000
- Name: SleepStudyHelper.sys
- MZ at fffff800`32f30000, prot 00000040, type 01000000 - size 23000
- Name: acpiex.exe
- MZ at fffff800`32f60000, prot 00000040, type 01000000 - size 4f000
- Name: mssecflt.exe
- MZ at fffff800`32fb0000, prot 00000040, type 01000000 - size 15000
- Name: SgrmAgent.exe
- MZ at fffff800`32fd0000, prot 00000040, type 01000000 - size a5000
- Name: ACPI.SYS
- MZ at fffff800`33080000, prot 00000040, type 01000000 - size c000
- Name: WMILIB.SYS
- MZ at fffff800`33090000, prot 00000040, type 01000000 - size 2f000
- Name: intelpep.exe
- MZ at fffff800`330c0000, prot 00000040, type 01000000 - size 16000
- Name: WindowsTrustedRT.exe
- MZ at fffff800`330e0000, prot 00000040, type 01000000 - size b000
- Name: WindowsTrustedRTProxy.exe
- MZ at fffff800`330f0000, prot 00000040, type 01000000 - size 14000
- Name: pcw.exe
- MZ at fffff800`33110000, prot 00000040, type 01000000 - size b000
- Name: msisadrv.exe
- MZ at fffff800`33120000, prot 00000040, type 01000000 - size 60000
- Name: pci.exe
- MZ at fffff800`33180000, prot 00000040, type 01000000 - size 12000
- Name: vdrvroot.exe
- MZ at fffff800`331a0000, prot 00000040, type 01000000 - size 28000
- Name: PDC.exe
- MZ at fffff800`331d0000, prot 00000040, type 01000000 - size 19000
- Name: CEA.sys
- MZ at fffff800`331f0000, prot 00000040, type 01000000 - size 2d000
- Name: partmgr.exe
- MZ at fffff800`33220000, prot 00000040, type 01000000 - size 99000
- Name: spaceport.exe
- MZ at fffff800`332c0000, prot 00000040, type 01000000 - size 19000
- Name: volmgr.exe
- MZ at fffff800`332e0000, prot 00000040, type 01000000 - size 5e000
- Name: volmgrx.exe
- MZ at fffff800`33340000, prot 00000040, type 01000000 - size 1e000
- Name: mountmgr.exe
- MZ at fffff800`33360000, prot 00000040, type 01000000 - size 2a000
- Name: storahci.exe
- MZ at fffff800`33390000, prot 00000040, type 01000000 - size 8f000
- Name: storport.sys
- MZ at fffff800`33420000, prot 00000040, type 01000000 - size 1f000
- Name: stornvme.exe
- MZ at fffff800`33440000, prot 00000040, type 01000000 - size 1c000
- Name: EhStorClass.exe
- MZ at fffff800`33460000, prot 00000040, type 01000000 - size 1a000
- Name: fileinfo.exe
- MZ at fffff800`33480000, prot 00000040, type 01000000 - size 3b000
- Name: wof.exe
- MZ at fffff800`334c0000, prot 00000040, type 01000000 - size 25b000
- Name: ntfs.exe
- MZ at fffff800`33720000, prot 00000040, type 01000000 - size d000
- Name: fs_rec.exe
- MZ at fffff800`33730000, prot 00000040, type 01000000 - size 141000
- Name: NDIS.SYS
- MZ at fffff800`33880000, prot 00000040, type 01000000 - size 89000
- Name: NETIO.SYS
- MZ at fffff800`33910000, prot 00000040, type 01000000 - size 30000
- Name: ksecpkg.exe
- MZ at fffff800`33ad0000, prot 00000040, type 01000000 - size b2000
- Name: cng.sys
- MZ at fffff800`33c00000, prot 00000040, type 01000000 - size bc000
- Name: fvevol.exe
- MZ at fffff800`33cc0000, prot 00000040, type 01000000 - size b000
- Name: volume.exe
- MZ at fffff800`33cd0000, prot 00000040, type 01000000 - size 67000
- Name: volsnap.exe
- MZ at fffff800`33d40000, prot 00000040, type 01000000 - size 4c000
- Name: rdyboost.exe
- MZ at fffff800`33d90000, prot 00000040, type 01000000 - size 24000
- Name: MUP.SYS
- MZ at fffff800`33dc0000, prot 00000040, type 01000000 - size 11000
- Name: iorate.exe
- MZ at fffff800`33df0000, prot 00000040, type 01000000 - size 1c000
- Name: disk.exe
- MZ at fffff800`33e10000, prot 00000040, type 01000000 - size 6b000
- Name: CLASSPNP.SYS
- MZ at fffff800`33ea0000, prot 00000040, type 01000000 - size 1b000
- Name: CRASHDMP.SYS
- MZ at fffff800`33f60000, prot 00000040, type 01000000 - size 2e000
- Name: cdrom.exe
- MZ at fffff800`33f90000, prot 00000040, type 01000000 - size 14000
- Name: filecrypt.exe
- MZ at fffff800`33fb0000, prot 00000040, type 01000000 - size d000
- Name: tbs.sys
- MZ at fffff800`33fc0000, prot 00000040, type 01000000 - size a000
- Name: null.exe
- MZ at fffff800`33fd0000, prot 00000040, type 01000000 - size a000
- Name: beep.exe
- MZ at fffff800`34000000, prot 00000040, type 01000000 - size 2a4000
- Name: TCPIP.SYS
- MZ at fffff800`342b0000, prot 00000040, type 01000000 - size 76000
- Name: fwpkclnt.sys
- MZ at fffff800`34330000, prot 00000040, type 01000000 - size 2d000
- Name: wfplwfs.exe
- MZ at fffff800`34a00000, prot 00000040, type 01000000 - size 9e000
- Name: afd.exe
- MZ at fffff800`34aa0000, prot 00000040, type 01000000 - size 1a000
- Name: vwififlt.SYS
- MZ at fffff800`34ac0000, prot 00000040, type 01000000 - size 29000
- Name: pacer.exe
- MZ at fffff800`34af0000, prot 00000040, type 01000000 - size 12000
- Name: netbios.exe
- MZ at fffff800`34b50000, prot 00000040, type 01000000 - size 76000
- Name: rdbss.sys
- MZ at fffff800`34bd0000, prot 00000040, type 01000000 - size 90000
- Name: csc.exe
- MZ at fffff800`34c60000, prot 00000040, type 01000000 - size 12000
- Name: nsiproxy.exe
- MZ at fffff800`34c80000, prot 00000040, type 01000000 - size d000
- Name: NpSvcTrig.exe
- MZ at fffff800`34c90000, prot 00000040, type 01000000 - size f000
- Name: mssmbios.exe
- MZ at fffff800`34ca0000, prot 00000040, type 01000000 - size a000
- Name: gpuenergydrv.exe
- MZ at fffff800`34cb0000, prot 00000040, type 01000000 - size 29000
- Name: dfsc.exe
- MZ at fffff800`34d00000, prot 00000040, type 01000000 - size 60000
- Name: fastfat.exe
- MZ at fffff800`34d60000, prot 00000040, type 01000000 - size 14000
- Name: bam.exe
- MZ at fffff800`34d80000, prot 00000040, type 01000000 - size 45000
- Name: ahcache.exe
- MZ at fffff800`34dd0000, prot 00000040, type 01000000 - size 11000
- Name: CompositeBus.exe
- MZ at fffff800`34df0000, prot 00000040, type 01000000 - size d000
- Name: kdnic.sys
- MZ at fffff800`34e00000, prot 00000040, type 01000000 - size 15000
- Name: UmBus.exe
- MZ at fffff800`34e20000, prot 00000004, type 00020000
- MZ at fffff800`353c0000, prot 00000004, type 00020000 - size 2b9000
- Name: dxgkrnl.sys
- MZ at fffff800`35680000, prot 00000040, type 01000000 - size 14000
- Name: watchdog.sys
- MZ at fffff800`356a0000, prot 00000040, type 01000000 - size 1a000
- Name: vmbkmclr.sys
- MZ at fffff800`356c0000, prot 00000040, type 01000000 - size 16000
- Name: BasicDisplay.exe
- MZ at fffff800`356e0000, prot 00000040, type 01000000 - size 10000
- Name: BasicRender.exe
- MZ at fffff800`356f0000, prot 00000040, type 01000000 - size 1b000
- Name: npfs.exe
- MZ at fffff800`35710000, prot 00000040, type 01000000 - size 10000
- Name: msfs.exe
- MZ at fffff800`35720000, prot 00000040, type 01000000 - size 23000
- Name: tdx.exe
- MZ at fffff800`35750000, prot 00000040, type 01000000 - size 10000
- Name: TDI.SYS
- MZ at fffff800`35760000, prot 00000040, type 01000000 - size 54000
- Name: netbt.exe
- MZ at fffff800`357c0000, prot 00000040, type 01000000 - size 13000
- Name: afunix.dll
- MZ at fffff800`35e00000, prot 00000040, type 01000000 - size 33000
- Name: HIDCLASS.SYS
- MZ at fffff800`35e40000, prot 00000040, type 01000000 - size 13000
- Name: HIDPARSE.SYS
- MZ at fffff800`35e60000, prot 00000040, type 01000000 - size f000
- Name: mouhid.exe
- MZ at fffff800`35e70000, prot 00000040, type 01000000 - size 11000
- Name: mouclass.exe
- MZ at fffff800`35e90000, prot 00000040, type 01000000 - size 10000
- Name: kbdhid.exe
- MZ at fffff800`35ea0000, prot 00000040, type 01000000 - size 13000
- Name: kbdclass.exe
- MZ at fffff800`35ec0000, prot 00000040, type 01000000 - size 2b000
- Name: USBAudio.exe
- MZ at fffff800`35ef0000, prot 00000040, type 01000000 - size 27000
- Name: ndu.exe
- MZ at fffff800`35fe0000, prot 00000040, type 01000000 - size 48000
- Name: srvnet.sys
- MZ at fffff800`36030000, prot 00000040, type 01000000 - size 13000
- Name: tcpipreg.exe
- MZ at fffff800`36050000, prot 00000040, type 01000000 - size bc000
- Name: srv2.exe
- MZ at fffff800`36110000, prot 00000040, type 01000000 - size 1b000
- Name: rassstp.exe
- MZ at fffff800`36130000, prot 00000040, type 01000000 - size 16000
- Name: ndproxy.exe
- MZ at fffff800`36150000, prot 00000040, type 01000000 - size 27000
- Name: AgileVpn.exe
- MZ at fffff800`36180000, prot 00000040, type 01000000 - size 20000
- Name: rasl2tp.exe
- MZ at fffff800`361a0000, prot 00000040, type 01000000 - size 1f000
- Name: raspptp.exe
- MZ at fffff800`361c0000, prot 00000040, type 01000000 - size 1b000
- Name: raspppoe.exe
- MZ at fffff800`361e0000, prot 00000040, type 01000000 - size f000
- Name: NDISTAPI.SYS
- MZ at fffff800`361f0000, prot 00000040, type 01000000 - size 37000
- Name: ndiswan.exe
- MZ at fffff800`36230000, prot 00000040, type 01000000 - size 12000
- Name: condrv.exe
- MZ at fffff800`36260000, prot 00000040, type 01000000 - size 13000
- Name: qwavedrv.exe
- MZ at fffff800`364d0000, prot 00000040, type 01000000 - size e000
- Name: SYS.exe
- MZ at fffff800`36500000, prot 00000040, type 01000000 - size 1f000
- Name: stornvme.exe
- MZ at fffff800`36540000, prot 00000040, type 01000000 - size 1d000
- Name: DUMPFVE.SYS
- MZ at fffff800`36570000, prot 00000040, type 01000000 - size 4c000
- Name: usbvideo.exe
- MZ at fffff800`365f0000, prot 00000040, type 01000000 - size c6000
- Name: dxgmms2.sys
- MZ at fffff800`366c0000, prot 00000040, type 01000000 - size 11000
- Name: monitor.exe
- MZ at fffff800`366e0000, prot 00000040, type 01000000 - size 27000
- Name: luafv.exe
- MZ at fffff800`36710000, prot 00000040, type 01000000 - size 28000
- Name: wcifs.exe
- MZ at fffff800`36740000, prot 00000004, type 00020000 - size 13000
- Name: mmcss.exe
- MZ at fffff800`36760000, prot 00000040, type 01000000 - size 6e000
- Name: cldflt.exe
- MZ at fffff800`367d0000, prot 00000040, type 01000000 - size 19000
- Name: storqosflt.exe
- MZ at fffff800`36820000, prot 00000040, type 01000000 - size 1a000
- Name: mslldp.exe
- MZ at fffff800`36840000, prot 00000040, type 01000000 - size d000
- Name: rdpvideominiport.exe
- MZ at fffff800`36850000, prot 00000040, type 01000000 - size 16000
- Name: lltdio.exe
- MZ at fffff800`36870000, prot 00000040, type 01000000 - size 1a000
- Name: rspndr.exe
- MZ at fffff800`36890000, prot 00000040, type 01000000 - size 1b000
- Name: wanarp.exe
- MZ at fffff800`368b0000, prot 00000040, type 01000000 - size 102000
- Name: http.exe
- MZ at fffff800`369c0000, prot 00000040, type 01000000 - size 21000
- Name: bowser.exe
- MZ at fffff800`369f0000, prot 00000040, type 01000000 - size 19000
- Name: mpsdrv.exe
- MZ at fffff800`36a10000, prot 00000040, type 01000000 - size 82000
- Name: mrxsmb.sys
- MZ at fffff800`36aa0000, prot 00000040, type 01000000 - size 3d000
- Name: mrxsmb20.exe
- MZ at fffff800`371b0000, prot 00000040, type 01000000 - size 2f000
- Name: usbccgp.exe
- MZ at fffff800`371e0000, prot 00000040, type 01000000 - size 12000
- Name: hidusb.exe
- MZ at fffff800`38400000, prot 00000040, type 01000000 - size 64000
- Name: portcls.sys
- MZ at fffff800`384a0000, prot 00000040, type 01000000 - size 6b000
- Name: ks.sys
- MZ at fffff800`38cd0000, prot 00000004, type 00020000 - size 6f000
- Name: usbxhci.exe
- MZ at fffff800`38d40000, prot 00000040, type 01000000 - size 3c000
- Name: ucx01000.exe
- MZ at fffff800`38e20000, prot 00000040, type 01000000 - size 1c000
- Name: serial.exe
- MZ at fffff800`38e40000, prot 00000040, type 01000000 - size f000
- Name: SerEnum.exe
- MZ at fffff800`38e50000, prot 00000040, type 01000000 - size 86000
- Name: e1i63x64.sys
- MZ at fffff800`38ee0000, prot 00000040, type 01000000 - size c000
- Name: wmiacpi.exe
- MZ at fffff800`38ef0000, prot 00000040, type 01000000 - size 3d000
- Name: intelppm.exe
- MZ at fffff800`38f30000, prot 00000040, type 01000000 - size b000
- Name: acpipagr.exe
- MZ at fffff800`38f40000, prot 00000040, type 01000000 - size d000
- Name: UEFI.SYS
- MZ at fffff800`38f50000, prot 00000004, type 00020000 - size d000
- Name: NdisVirtualBus.exe
- MZ at fffff800`38f60000, prot 00000040, type 01000000 - size c000
- Name: swenum.exe
- MZ at fffff800`38f70000, prot 00000040, type 01000000 - size e000
- Name: rdpbus.exe
- MZ at fffff800`38fa0000, prot 00000040, type 01000000 - size f000
- Name: ksthunk.exe
- MZ at fffff800`38fb0000, prot 00000040, type 01000000 - size 8e000
- Name: usbhub3.sys
- MZ at fffff800`39040000, prot 00000040, type 01000000 - size e000
- Name: USBD.SYS
- MZ at fffff800`3bbc0000, prot 00000040, type 01000000 - size 1d000
- Name: hdaudbus.exe
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement