Sorry for the slight delay.

Here is the GMER report:

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-04-03 19:21:46
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text ...

.text win32k.sys!HT_Get8BPPMaskPalette + 69 BF9054BA 49 Bytes [ 00, 00, C7, 45, F8, 01, 00, ... ]

.text win32k.sys!HT_Get8BPPMaskPalette + 9C BF9054ED 43 Bytes [ 8D, 45, 08, 50, 8D, 45, F8, ... ]

.text win32k.sys!HT_Get8BPPMaskPalette + C8 BF905519 60 Bytes [ CE, FF, 75, F4, FF, 75, EC, ... ]

.text win32k.sys!HT_Get8BPPMaskPalette + 106 BF905557 80 Bytes [ 3B, F7, 74, 8B, 39, BE, C0, ... ]

.text win32k.sys!HT_Get8BPPMaskPalette + 158 BF9055A9 3 Bytes [ 10, 75, FE ]

.text ...

.text win32k.sys!HT_Get8BPPFormatPalette + 16 BF905826 27 Bytes [ 00, 89, 45, 0C, 89, 45, 18, ... ]

.text win32k.sys!HT_Get8BPPFormatPalette + 32 BF905842 250 Bytes [ 00, 53, 33, DB, 81, 3E, 52, ... ]

.text win32k.sys!HT_Get8BPPFormatPalette + 12D BF90593D 82 Bytes CALL BF8E0449 \SystemRoot\System32\win32k.sys

.text win32k.sys!HT_Get8BPPFormatPalette + 180 BF905990 3 Bytes [ FC, 40, 3B ]

.text win32k.sys!HT_Get8BPPFormatPalette + 184 BF905994 10 Bytes [ 0C, 89, 45, FC, 0F, 86, 6D, ... ]

.text ...

.text win32k.sys!STROBJ_bEnumPositionsOnly + A9 BF905B5A 35 Bytes [ ED, 83, 65, 08, 00, FF, 45, ... ]

.text win32k.sys!XFORMOBJ_bApplyXform + 1E BF905B7E 38 Bytes [ FF, 55, 8B, EC, 83, EC, 18, ... ]

.text win32k.sys!XFORMOBJ_bApplyXform + 45 BF905BA5 82 Bytes [ BF, 20, A1, 07, 00, BB, 40, ... ]

.text win32k.sys!XFORMOBJ_bApplyXform + 98 BF905BF8 58 Bytes [ 03, C7, 99, F7, F9, 83, C6, ... ]

.text win32k.sys!XFORMOBJ_bApplyXform + D3 BF905C33 26 Bytes [ 90, 90, 90, 90, 33, C0, 40, ... ]

.text win32k.sys!XFORMOBJ_bApplyXform + EE BF905C4E 19 Bytes JMP BF905D0B \SystemRoot\System32\win32k.sys

.text ...

.text win32k.sys!FONTOBJ_vGetInfo + 34 BF905DEC 71 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]

.text win32k.sys!FONTOBJ_vGetInfo + 7C BF905E34 5 Bytes [ 40, 34, 8B, 4D, 10 ]

.text win32k.sys!FONTOBJ_vGetInfo + 82 BF905E3A 8 Bytes [ 01, 33, C0, 5D, C2, 0C, 00, ... ]

.text win32k.sys!FONTOBJ_vGetInfo + 8B BF905E43 74 Bytes [ 10, FF, 75, 0C, 50, E8, D9, ... ]

.text win32k.sys!FONTOBJ_vGetInfo + D6 BF905E8E 80 Bytes [ 4D, 10, 8D, 3C, CE, 3B, F7, ... ]

.text ...

.text win32k.sys!FONTOBJ_cGetGlyphs + 10 BF906076 82 Bytes CALL BF8FB23F \SystemRoot\System32\win32k.sys

.text win32k.sys!FONTOBJ_cGetGlyphs + 63 BF9060C9 17 Bytes [ 56, 57, FF, 75, 18, E8, 0E, ... ]

.text win32k.sys!FONTOBJ_cGetGlyphs + 75 BF9060DB 32 Bytes [ C7, 45, FC, 01, 00, 00, 00, ... ]

.text win32k.sys!FONTOBJ_cGetGlyphs + 96 BF9060FC 5 Bytes [ 85, DB, 74, 06, 53 ]

.text win32k.sys!FONTOBJ_cGetGlyphs + 9C BF906102 3 Bytes [ A8, C9, EF ]

.text ...

.text win32k.sys!STROBJ_bGetAdvanceWidths + 65 BF906193 81 Bytes [ 40, 08, 89, 42, 08, 8B, 06, ... ]

.text win32k.sys!STROBJ_bGetAdvanceWidths + B7 BF9061E5 9 Bytes [ 89, 42, 18, EB, BF, 8B, 80, ... ]

.text win32k.sys!STROBJ_bGetAdvanceWidths + C1 BF9061EF 7 Bytes [ 00, 89, 42, 14, EB, B4, 90 ]

.text win32k.sys!STROBJ_bGetAdvanceWidths + CC BF9061FA 13 Bytes [ 8B, FF, 55, 8B, EC, 56, FF, ... ]

.text win32k.sys!STROBJ_bGetAdvanceWidths + DB BF906209 2 Bytes [ 78, B8 ]

.text ...

.text win32k.sys!BRUSHOBJ_hGetColorTransform + D BF9063FF 72 Bytes [ 85, C0, 74, 09, 8B, 45, 18, ... ]

.text win32k.sys!BRUSHOBJ_hGetColorTransform + 56 BF906448 111 Bytes [ 55, 8B, EC, FF, 15, E0, B2, ... ]

.text win32k.sys!BRUSHOBJ_hGetColorTransform + C6 BF9064B8 107 Bytes [ C0, 3B, 1E, 77, 3B, C1, E1, ... ]

.text win32k.sys!BRUSHOBJ_hGetColorTransform + 132 BF906524 106 Bytes JMP BF906618 \SystemRoot\System32\win32k.sys

.text win32k.sys!BRUSHOBJ_hGetColorTransform + 19E BF906590 1 Byte [ 00 ]

.text ...

.text win32k.sys!EngCreateDriverObj + 8 BF908095 11 Bytes [ C0, EB, F4, 90, 90, 90, 90, ... ]

.text win32k.sys!EngCreateDriverObj + 14 BF9080A1 105 Bytes [ EC, A1, 18, 3C, 9A, BF, 5D, ... ]

.text win32k.sys!EngCreateDriverObj + 7F BF90810C 22 Bytes [ 3B, 5D, D8, 0F, 8E, 73, 01, ... ]

.text win32k.sys!EngCreateDriverObj + 96 BF908123 173 Bytes [ 5D, E0, 8B, 4D, 10, 2B, DA, ... ]

.text win32k.sys!EngCreateDriverObj + 144 BF9081D1 1 Byte [ CA ]

.text ...

.text win32k.sys!EngLockDriverObj + 16 BF90825D 59 Bytes [ 83, 45, 14, 04, 49, 66, A5, ... ]

.text win32k.sys!EngDeleteDriverObj + 2D BF908299 58 Bytes [ 0C, 49, 8B, D1, C1, E9, 02, ... ]

.text win32k.sys!EngDeleteDriverObj + 68 BF9082D4 3 Bytes CALL F31C82CB

.text win32k.sys!EngDeleteDriverObj + 6C BF9082D8 63 Bytes [ 8B, 33, B8, FF, FF, FF, 7F, ... ]

.text win32k.sys!EngDeleteDriverObj + AC BF908318 2 Bytes [ 89, 45 ]

.text win32k.sys!EngDeleteDriverObj + AF BF90831B 44 Bytes [ 3B, 75, D8, 0F, 8C, 9D, 00, ... ]

.text ...

.text win32k.sys!EngGetCurrentProcessId + 35 BF9088F7 47 Bytes [ 33, C9, C1, FB, 03, C1, FE, ... ]

.text win32k.sys!EngGetCurrentProcessId + 65 BF908927 17 Bytes CALL 0D1C62B7

.text win32k.sys!EngGetCurrentProcessId + 77 BF908939 63 Bytes CALL C38970C1

.text win32k.sys!EngGetCurrentProcessId + B7 BF908979 5 Bytes [ 5C, 9D, 88, 89, 1F ]

.text win32k.sys!EngGetCurrentProcessId + BD BF90897F 66 Bytes [ 5D, D4, 83, E3, 0F, 8B, 5C, ... ]

.text ...

.text win32k.sys!PATHOBJ_vEnumStartClipLines + 2 BF90C0B4 6 Bytes [ 3F, FF, B5, CC, FD, FF ]

.text win32k.sys!PATHOBJ_vEnumStartClipLines + 9 BF90C0BB 17 Bytes [ 50, 56, FF, B5, D0, FD, FF, ... ]

.text win32k.sys!PATHOBJ_vEnumStartClipLines + 1B BF90C0CD 30 Bytes [ 8D, D8, FD, FF, FF, 8B, 01, ... ]

.text win32k.sys!PATHOBJ_bEnumClipLines + F BF90C0EC 32 Bytes [ D8, 8B, BD, E0, FD, FF, FF, ... ]

.text win32k.sys!PATHOBJ_bEnumClipLines + 30 BF90C10D 13 Bytes [ 74, 1C, 83, A5, C4, FD, FF, ... ]

.text win32k.sys!PATHOBJ_bEnumClipLines + 3E BF90C11B 89 Bytes [ 8D, 85, C4, FD, FF, FF, 50, ... ]

.text win32k.sys!PATHOBJ_bEnumClipLines + 98 BF90C175 6 Bytes JMP BF90C0F2 \SystemRoot\System32\win32k.sys

.text win32k.sys!PATHOBJ_bEnumClipLines + A0 BF90C17D 2 Bytes [ 90, 90 ]

.text ...

.text win32k.sys!EngMapFontFile + 32 BF90CA1E 75 Bytes [ 35, B8, 95, 9A, BF, 8B, 56, ... ]

.text win32k.sys!EngMapFontFile + 7E BF90CA6A 129 Bytes [ 00, 89, 41, 0C, 8B, 42, 6C, ... ]

.text win32k.sys!EngMapFontFile + 100 BF90CAEC 27 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]

.text win32k.sys!EngMapFontFile + 11D BF90CB09 6 Bytes [ 7D, 08, F6, 47, 48, 02 ]

.text win32k.sys!EngMapFontFile + 124 BF90CB10 138 Bytes [ 47, 2C, 8B, 80, 8C, 00, 00, ... ]

.text ...

.text win32k.sys!EngUnmapFontFile + 74 BF90D7FF 49 Bytes [ FF, 55, 8B, EC, 83, EC, 10, ... ]

.text win32k.sys!EngUnmapFontFile + A6 BF90D831 109 Bytes [ EB, 23, 8B, 06, 8B, 40, 34, ... ]

.text win32k.sys!EngUnmapFontFile + 114 BF90D89F 33 Bytes [ 39, 1A, 75, 18, 8B, 47, 38, ... ]

.text win32k.sys!EngUnmapFontFile + 137 BF90D8C2 27 Bytes [ 24, 89, 5E, 04, 0F, 85, 85, ... ]

.text win32k.sys!EngUnmapFontFile + 153 BF90D8DE 106 Bytes [ 75, 60, 83, C8, 01, F6, C4, ... ]

.text ...

.text win32k.sys!PALOBJ_cGetColors + 15 BF90DBB3 101 Bytes [ 8D, 45, E0, 50, 8D, 45, F8, ... ]

.text win32k.sys!PALOBJ_cGetColors + 7B BF90DC19 22 Bytes CALL BF8B5A2A \SystemRoot\System32\win32k.sys

.text win32k.sys!PALOBJ_cGetColors + 92 BF90DC30 78 Bytes [ 75, 1C, FF, 75, EC, 8D, 7D, ... ]

.text win32k.sys!PALOBJ_cGetColors + E1 BF90DC7F 2 Bytes [ 8B, 45 ]

.text win32k.sys!PALOBJ_cGetColors + E4 BF90DC82 20 Bytes [ 48, 74, 18, 48, 75, 24, 8B, ... ]

.text ...

.text win32k.sys!EngCreateClip + EF BF9107E9 2 Bytes [ E3, 0D ]

.text win32k.sys!EngCreateClip + F3 BF9107ED 8 Bytes [ 8B, F0, 33, DB, 3B, F3, 0F, ... ]

.text win32k.sys!EngCreateClip + FC BF9107F6 61 Bytes [ 00, 00, 00, A1, B8, 95, 9A, ... ]

.text win32k.sys!EngCreateClip + 13A BF910834 35 Bytes [ 8B, D8, 85, DB, 74, 4A, C7, ... ]

.text win32k.sys!EngCreateClip + 15E BF910858 12 Bytes [ AF, 60, 07, 00, C3, 90, 90, ... ]

.text ...

.text win32k.sys!XFORMOBJ_iGetFloatObjXform + 16 BF932BB1 5 Bytes [ 90, 90, 90, 90, 90 ]

.text win32k.sys!XFORMOBJ_iGetFloatObjXform + 1C BF932BB7 124 Bytes [ FF, 55, 8B, EC, A1, 18, 3C, ... ]

.text win32k.sys!FLOATOBJ_GetLong + 7 BF932C34 23 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]

.text win32k.sys!FLOATOBJ_AddFloat BF932C4C 108 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]

.text win32k.sys!FLOATOBJ_SubFloat + 5 BF932CC3 6 Bytes [ A1, 18, 3C, 9A, BF, 5D ]

.text win32k.sys!FLOATOBJ_SubFloat + C BF932CCA 11 Bytes [ A0, 4C, 02, 00, 00, 90, 90, ... ]

.text win32k.sys!FLOATOBJ_SubFloat + 18 BF932CD6 9 Bytes [ 55, 8B, EC, A1, 18, 3C, 9A, ... ]

.text win32k.sys!FLOATOBJ_SubFloat + 22 BF932CE0 3 Bytes [ A0, 54, 02 ]

.text win32k.sys!FLOATOBJ_SubFloat + 26 BF932CE4 1 Byte [ 00 ]

.text win32k.sys!FLOATOBJ_SubLong BF932CE9 40 Bytes [ 90, 8B, FF, 55, 8B, EC, A1, ... ]

.text win32k.sys!FLOATOBJ_Sub BF932D14 23 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]

.text win32k.sys!FLOATOBJ_Sub + 18 BF932D2C 42 Bytes [ 8B, FF, 55, 8B, EC, A1, 18, ... ]

.text win32k.sys!FLOATOBJ_MulFloat + 28 BF932D58 3 Bytes [ 8B, FF, 55 ]

.text win32k.sys!FLOATOBJ_MulLong + 1 BF932D5C 37 Bytes [ EC, A1, 18, 3C, 9A, BF, 5D, ... ]

.text win32k.sys!FLOATOBJ_MulLong + 29 BF932D84 30 Bytes [ 8B, FF, 55, 8B, EC, A1, 18, ... ]

.text win32k.sys!FLOATOBJ_DivFloat + 1 BF932DA3 108 Bytes [ 06, 8B, 48, 50, 3B, C8, 57, ... ]

.text win32k.sys!FLOATOBJ_Div + 19 BF932E11 3 Bytes [ 8B, FF, 55 ]

.text win32k.sys!FLOATOBJ_Neg + 1 BF932E15 4 Bytes [ EC, 8B, 4D, 0C ]

.text win32k.sys!FLOATOBJ_Neg + 6 BF932E1A 1 Byte [ 55 ]

.text win32k.sys!FLOATOBJ_Neg + 8 BF932E1C 98 Bytes [ 33, C0, 49, 74, 15, 49, 74, ... ]

.text win32k.sys!FLOATOBJ_GreaterThanLong + 11 BF932E7F 33 Bytes [ 76, 4C, 89, 7D, FC, 89, 7D, ... ]

.text win32k.sys!FLOATOBJ_GreaterThanLong + 33 BF932EA1 16 Bytes [ 45, E4, EB, E2, C7, 45, D8, ... ]

.text win32k.sys!FLOATOBJ_GreaterThanLong + 45 BF932EB3 32 Bytes [ 33, C0, 40, C3, 90, 90, 90, ... ]

.text win32k.sys!FLOATOBJ_LessThanLong + 1E BF932ED4 9 Bytes [ 55, 8B, EC, 56, FF, 75, 08, ... ]

.text win32k.sys!FLOATOBJ_LessThanLong + 28 BF932EDE 26 Bytes CALL BF804BC5 \SystemRoot\System32\win32k.sys

.text win32k.sys!FLOATOBJ_Equal + C BF932EFB 3 Bytes [ 9B, FE, FF ]

.text win32k.sys!FLOATOBJ_Equal + 10 BF932EFF 14 Bytes [ 46, 83, 7D, 08, 00, 74, 08, ... ]

.text win32k.sys!FLOATOBJ_GreaterThan + 6 BF932F0E 110 Bytes [ 8B, C6, 5E, 5D, C2, 08, 00, ... ]

.text win32k.sys!FLOATOBJ_LessThan + 5D BF932F7E 29 Bytes [ 06, 66, 39, 42, 40, 75, 65, ... ]

.text win32k.sys!FLOATOBJ_LessThan + 7B BF932F9C 16 Bytes [ EB, 05, B9, 60, F6, 82, BF, ... ]

.text win32k.sys!FLOATOBJ_LessThan + 8D BF932FAE 36 Bytes [ 24, FF, 75, 20, FF, 75, 1C, ... ]

.text win32k.sys!FLOATOBJ_LessThan + B2 BF932FD3 148 Bytes [ 20, FF, 75, 1C, FF, 75, 18, ... ]

.text win32k.sys!FLOATOBJ_LessThan + 147 BF933068 51 Bytes [ 75, D8, 39, 75, F4, 7D, 15, ... ]

.text ...

.text win32k.sys!CLIPOBJ_ppoGetPath + 6 BF933230 25 Bytes [ 45, EC, F6, 40, 20, 80, 74, ... ]

.text win32k.sys!EngGetCurrentThreadId + 2 BF93324A 208 Bytes [ 73, 48, 74, 0B, 8B, 45, EC, ... ]

.text win32k.sys!EngProbeForRead + 4 BF93331B 111 Bytes [ 46, 18, 85, C0, 74, 3B, 50, ... ]

.text win32k.sys!EngAllocSectionMem + 35 BF93338B 26 Bytes [ 46, 38, 8B, 41, 0C, 89, 46, ... ]

.text win32k.sys!EngAllocSectionMem + 50 BF9333A6 108 Bytes [ 46, 48, 8B, 41, 18, 03, 41, ... ]

.text win32k.sys!EngFreeSectionMem + 25 BF933413 133 Bytes CALL 63D8FB68

.text win32k.sys!EngMapSection + 81 BF933499 61 Bytes [ D6, 85, C0, 0F, 8C, 99, 03, ... ]

.text win32k.sys!EngInitializeSafeSemaphore + 1B BF9334D7 34 Bytes [ 35, 68, 4E, 9A, BF, 89, 45, ... ]

.text win32k.sys!EngDeleteSafeSemaphore + 2 BF9334FA 45 Bytes [ 89, 1D, 2C, 3C, 9A, BF, FF, ... ]

.text win32k.sys!EngDeleteSafeSemaphore + 30 BF933528 95 Bytes [ 00, 00, 77, 0E, 8B, CE, 69, ... ]

.text win32k.sys!EngDeleteSafeSemaphore + 90 BF933588 13 Bytes [ 00, 89, 4D, F4, 29, 7D, F4, ... ]

.text win32k.sys!EngDeleteSafeSemaphore + 9E BF933596 106 Bytes [ FF, 75, E0, FF, 75, EC, 6A, ... ]

.text win32k.sys!EngDeleteSafeSemaphore + 109 BF933601 3 Bytes [ A4, 6B, F2 ]

.text ...

.text win32k.sys!EngFreePrivateUserMem + 4 BF933A5B 26 Bytes [ 40, 50, C3, 33, C0, C3, 90, ... ]

.text win32k.sys!EngDxIoctl + A BF933A77 54 Bytes CALL BF8018E5 \SystemRoot\System32\win32k.sys

.text win32k.sys!EngUnlockDirectDrawSurface + 16 BF933AAF 3 Bytes [ 90, 90, 90 ]

.text win32k.sys!EngUnlockDirectDrawSurface + 1A BF933AB3 50 Bytes [ FF, 55, 8B, EC, 8B, 45, 08, ... ]

.text win32k.sys!EngUnlockDirectDrawSurface + 4D BF933AE6 46 Bytes [ FF, 56, 8B, F1, 8B, 06, 83, ... ]

.text win32k.sys!EngUnlockDirectDrawSurface + 7C BF933B15 43 Bytes [ 06, 83, 78, 44, 00, 74, 11, ... ]

.text win32k.sys!EngUnlockDirectDrawSurface + A8 BF933B41 18 Bytes [ C3, 90, 90, 90, 90, 90, 8B, ... ]

.text ...

.text win32k.sys!EngGetType1FontList + 72 BF9345FE 58 Bytes [ FF, FF, FF, 76, 68, 50, 53, ... ]

.text win32k.sys!EngGetType1FontList + AD BF934639 16 Bytes [ 55, EC, 85, D2, 0F, B6, C0, ... ]

.text win32k.sys!EngGetType1FontList + BF BF93464B 31 Bytes [ 8B, 03, 8B, 49, 10, 3B, 88, ... ]

.text win32k.sys!EngGetType1FontList + E1 BF93466D 181 Bytes [ 08, 74, 02, 33, D2, 85, D2, ... ]

.text win32k.sys!EngQueryLocalTime + 65 BF934723 74 Bytes [ 44, BD, B0, 85, C0, 74, 06, ... ]

.text win32k.sys!EngQueryLocalTime + B0 BF93476E 34 Bytes [ F6, 83, 7D, 10, 08, 89, 75, ... ]

.text win32k.sys!EngQueryLocalTime + D3 BF934791 63 Bytes [ 00, 00, 8B, 45, 0C, 8B, 00, ... ]

.text win32k.sys!EngQueryLocalTime + 113 BF9347D1 22 Bytes [ 00, 39, 75, 20, 0F, 84, 35, ... ]

.text win32k.sys!EngQueryLocalTime + 12A BF9347E8 67 Bytes [ 3B, CE, 74, 08, 8B, 49, 4C, ... ]

.text ...

.text win32k.sys!EngCheckAbort + 27 BF934972 25 Bytes [ E1, EC, FF, 89, 45, E4, EB, ... ]

.text win32k.sys!EngCheckAbort + 41 BF93498C 11 Bytes [ CB, FF, 83, FB, FF, 0F, 84, ... ]

.text win32k.sys!EngCheckAbort + 4F BF93499A 55 Bytes CALL BF8045DD \SystemRoot\System32\win32k.sys

.text win32k.sys!EngCheckAbort + 87 BF9349D2 35 Bytes [ 8B, 4D, E0, 83, C1, 08, FF, ... ]

.text win32k.sys!EngCheckAbort + AD BF9349F8 158 Bytes [ 20, C1, E6, 03, 6A, 04, 56, ... ]

.text ...

.text win32k.sys!EngDeleteEvent + 1 BF93614A 16 Bytes [ 08, F7, C1, 00, 00, 00, 02, ... ]

.text win32k.sys!EngDeleteEvent + 12 BF93615B 12 Bytes [ 89, 08, 79, 0F, 68, 00, 01, ... ]

.text win32k.sys!EngDeleteEvent + 1F BF936168 160 Bytes [ 00, 00, 57, FF, 50, 14, 5F, ... ]

.text win32k.sys!EngMapEvent + 9C BF936209 15 Bytes [ 7F, 04, 85, FF, 75, AE, 5E, ... ]

.text win32k.sys!EngUnmapEvent + 2 BF936219 13 Bytes [ 5F, C9, C2, 0C, 00, 90, 90, ... ]

.text win32k.sys!EngUnmapEvent + 10 BF936227 12 Bytes [ EC, 83, EC, 0C, 56, 8B, 75, ... ]

.text win32k.sys!EngUnmapEvent + 1D BF936234 44 Bytes [ 75, 0C, 8D, 4D, F4, E8, 11, ... ]

.text win32k.sys!EngClearEvent BF936262 3 Bytes [ 90, 90, 90 ]

.text win32k.sys!EngClearEvent + 4 BF936266 25 Bytes [ FF, 55, 8B, EC, 83, EC, 0C, ... ]

.text win32k.sys!EngReadStateEvent + 5 BF936280 36 Bytes [ FF, 8B, 46, 68, 85, C0, 74, ... ]

.text win32k.sys!EngReadStateEvent + 2A BF9362A5 50 Bytes CALL BF936220 \SystemRoot\System32\win32k.sys

.text win32k.sys!EngReadStateEvent + 5D BF9362D8 1 Byte [ 46 ]

.text win32k.sys!EngReadStateEvent + 5F BF9362DA 86 Bytes [ 8B, 0D, 3C, 46, 9A, BF, 57, ... ]

.text win32k.sys!EngReadStateEvent + B6 BF936331 93 Bytes [ 53, FF, 75, 14, FF, 75, 08, ... ]

.text win32k.sys!EngGetFileChangeTime + 9 BF93638F 16 Bytes [ B6, 04, 02, 00, 00, EB, 05, ... ]

.text win32k.sys!EngGetFileChangeTime + 1A BF9363A0 171 Bytes [ 57, 57, 57, 8D, 5D, F8, 53, ... ]

.text win32k.sys!EngGetFileChangeTime + C6 BF93644C 82 Bytes CALL BF8B5B52 \SystemRoot\System32\win32k.sys

.text win32k.sys!EngGetFileChangeTime + 119 BF93649F 81 Bytes [ 75, 18, FF, 75, 14, FF, 75, ... ]

.text win32k.sys!EngGetFileChangeTime + 16B BF9364F1 41 Bytes CALL BF8B5B52 \SystemRoot\System32\win32k.sys

.text ...

.text win32k.sys!EngDeleteFile + 67 BF93666B 22 Bytes [ 89, 20, 02, 00, 00, EB, 05, ... ]

.text win32k.sys!EngDeleteFile + 7E BF936682 38 Bytes [ 75, 20, FF, 75, 1C, FF, 75, ... ]

.text win32k.sys!EngDeleteFile + A6 BF9366AA 100 Bytes [ F4, 50, 8D, 45, 08, 8D, 4D, ... ]

.text win32k.sys!EngDeleteFile + 10B BF93670F 43 Bytes [ 0C, 8B, 7D, 10, 89, 45, F4, ... ]

.text win32k.sys!EngDeleteFile + 137 BF93673B 33 Bytes [ 58, 08, 0B, 58, 04, 0B, 18, ... ]

.text ...

.text win32k.sys!EngControlSprites + 2 BF9377BE 176 Bytes [ 83, 45, 08, 04, 4E, 75, DF, ... ]

.text win32k.sys!EngControlSprites + B3 BF93786F 87 Bytes [ 39, 5D, 90, 74, 27, 8D, 4D, ... ]

.text win32k.sys!EngControlSprites + 10B BF9378C7 16 Bytes [ 39, 5D, 08, 74, B5, 8D, 4D, ... ]

.text win32k.sys!EngControlSprites + 11C BF9378D8 41 Bytes CALL BF806B60 \SystemRoot\System32\win32k.sys

.text win32k.sys!EngControlSprites + 146 BF937902 109 Bytes CALL 3A7C6F3A

.text ...

.text win32k.sys!EngMovePointer + 19 BF938135 107 Bytes [ 7E, 0C, 74, 0E, 8B, 46, 0C, ... ]

.text win32k.sys!EngMovePointer + 85 BF9381A1 59 Bytes CALL BF852229 \SystemRoot\System32\win32k.sys

.text win32k.sys!EngMovePointer + C1 BF9381DD 6 Bytes [ 55, 0C, 39, 90, 88, 00 ]

.text win32k.sys!EngMovePointer + C9 BF9381E5 3 Bytes [ 0F, 84, CE ]

.text win32k.sys!EngMovePointer + D0 BF9381EC 99 Bytes [ 80, 80, 00, 00, 00, 3B, C6, ... ]

.text ...

.text win32k.sys!EngSetPointerShape + 18 BF9382B6 3 Bytes [ 92, D7, EC ]

.text win32k.sys!EngSetPointerShape + 1C BF9382BA 104 Bytes [ 83, EC, 10, 8B, FC, FF, 75, ... ]

.text win32k.sys!EngSetPointerShape + 85 BF938323 9 Bytes CALL BF810365 \SystemRoot\System32\win32k.sys

.text win32k.sys!EngSetPointerShape + 8F BF93832D 8 Bytes [ FE, 89, 7D, F8, 0F, 84, 26, ... ]

.text win32k.sys!EngSetPointerShape + 98 BF938336 63 Bytes [ 00, 56, 8D, 4D, 08, 89, 7D, ... ]

.text ...

.text win32k.sys!EngUnlockDriverObj + B BF938912 2 Bytes [ 36, D1 ]

.text win32k.sys!EngUnlockDriverObj + F BF938916 7 Bytes [ 83, EC, 10, 8B, FC, FF, 73 ]

.text win32k.sys!EngUnlockDriverObj + 17 BF93891E 13 Bytes [ 8D, 75, D8, A5, A5, A5, 8B, ... ]

.text win32k.sys!EngUnlockDriverObj + 25 BF93892C 143 Bytes [ 8B, 8B, 84, 00, 00, 00, 6A, ... ]

.text win32k.sys!EngQueryPalette + 7F BF9389BE 44 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]

.text win32k.sys!EngQueryPalette + AC BF9389EB 39 Bytes [ 45, F8, 8B, 4D, FC, 01, 46, ... ]

.text win32k.sys!EngQueryPalette + D4 BF938A13 2 Bytes [ FF, 55 ]

.text win32k.sys!EngQueryPalette + D7 BF938A16 118 Bytes [ EC, 83, EC, 34, 53, 56, 57, ... ]

.text win32k.sys!EngQueryPalette + 14E BF938A8D 11 Bytes [ 38, 23, FA, 0B, F9, 89, 38, ... ]

.text ...

.text win32k.sys!EngCreatePath + 13 BF938C64 34 Bytes [ EC, 0F, B6, 45, 08, 53, 0F, ... ]

.text win32k.sys!EngCreatePath + 36 BF938C87 225 Bytes [ C1, 5A, 3B, FB, 76, 0C, 8B, ... ]

.text win32k.sys!EngDeletePath + C9 BF938D69 67 Bytes [ 5D, 08, 85, DB, 74, 0E, 89, ... ]

.text win32k.sys!PATHOBJ_bPolyBezierTo + 2C BF938DAD 228 Bytes [ 00, 00, 8B, 45, 0C, 76, 5C, ... ]

.text win32k.sys!WNDOBJ_vSetConsumer + B8 BF938E92 90 Bytes [ 14, 03, 8B, 55, 0C, 75, 08, ... ]

.text win32k.sys!WNDOBJ_vSetConsumer + 113 BF938EED 174 Bytes [ 48, 14, 89, 48, 18, 89, 48, ... ]

.text win32k.sys!EngCreateWnd + 78 BF938F9C 192 Bytes [ 40, 0C, 8D, 14, 95, 30, 9F, ... ]

.text win32k.sys!EngCreateWnd + 139 BF93905D 93 Bytes [ 41, 1C, 89, 41, 20, 89, 41, ... ]

.text win32k.sys!EngCreateWnd + 197 BF9390BB 64 Bytes [ 3A, 8B, 18, 3B, FB, 72, 04, ... ]

.text win32k.sys!EngCreateWnd + 1D8 BF9390FC 4 Bytes [ 89, 45, D8, 89 ]

.text win32k.sys!EngCreateWnd + 1DD BF939101 40 Bytes [ DC, 89, 45, E0, 89, 45, E4, ... ]

.text ...

.text win32k.sys!EngDeleteWnd + 2 BF93934E 27 Bytes [ FF, EB, 4B, 8B, 55, 14, 57, ... ]

.text win32k.sys!EngDeleteWnd + 1E BF93936A 34 Bytes [ 00, 00, 6B, C9, 1C, 03, C1, ... ]

.text win32k.sys!EngDeleteWnd + 41 BF93938D 38 Bytes [ B0, EF, 9D, 99, BF, 48, 8D, ... ]

.text win32k.sys!EngDeleteWnd + 68 BF9393B4 45 Bytes CALL BF8019E3 \SystemRoot\System32\win32k.sys

.text win32k.sys!EngDeleteWnd + 96 BF9393E2 42 Bytes [ 0D, 3B, 45, 08, 74, 0E, 8B, ... ]

.text ...

.text win32k.sys!EngDitherColor + 1B BF93A0AB 7 Bytes [ 00, 80, 56, 53, 50, FF, 75 ]

.text win32k.sys!EngDitherColor + 23 BF93A0B3 102 Bytes CALL BF9395B6 \SystemRoot\System32\win32k.sys

.text win32k.sys!EngDitherColor + 8A BF93A11A 152 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]

.text win32k.sys!EngDitherColor + 123 BF93A1B3 3 Bytes [ 43, 08, 6A ]

.text win32k.sys!EngDitherColor + 127 BF93A1B7 38 Bytes [ 68, 47, 73, 70, 6C, 6A, 14, ... ]

.text ...

.text win32k.sys!EngEnumForms + 3C BF93A960 49 Bytes [ 52, 03, CB, 51, 03, C3, 50, ... ]

.text win32k.sys!EngEnumForms + 6E BF93A992 152 Bytes [ 75, 14, FF, 15, EC, B2, 98, ... ]

.text win32k.sys!EngGetPrinter + 17 BF93AA2B 133 Bytes [ C0, 85, F6, 0F, 84, 03, 07, ... ]

.text win32k.sys!EngGetPrinter + 9D BF93AAB1 41 Bytes [ 8D, 04, 31, 3B, C1, 72, 08, ... ]

.text win32k.sys!EngGetPrinter + C7 BF93AADB 43 Bytes CALL BF8FF863 \SystemRoot\System32\win32k.sys

.text win32k.sys!EngGetPrinter + F3 BF93AB07 40 Bytes [ D8, 8B, 75, 0C, EB, 18, 6A, ... ]

.text win32k.sys!EngGetForm + 4 BF93AB30 21 Bytes [ 45, 0C, 8D, 48, 01, 3B, 4D, ... ]

.text win32k.sys!EngGetForm + 1B BF93AB47 20 Bytes [ 04, C0, E0, 04, 0A, C8, 88, ... ]

.text win32k.sys!EngGetForm + 30 BF93AB5C 108 Bytes [ F6, 45, 0C, 01, 74, 06, FF, ... ]

.text win32k.sys!EngGetForm + 9D BF93ABC9 3 Bytes [ 00, 00, 6A ]

.text win32k.sys!EngGetForm + A1 BF93ABCD 7 Bytes [ 68, 47, 66, 75, 6C, 6A, 18 ]

.text ...

.text win32k.sys!EngGetPrinterDriver + D BF93ADBF 21 Bytes [ 33, C0, 40, C3, 90, 90, 90, ... ]

.text win32k.sys!EngGetPrinterData + 13 BF93ADD5 2 Bytes [ 6A, 00 ]

.text win32k.sys!EngGetPrinterData + 16 BF93ADD8 9 Bytes [ 10, FF, 75, E0, 68, 08, 08, ... ]

.text win32k.sys!EngGetPrinterData + 20 BF93ADE2 46 Bytes [ 87, FE, FF, FF, 3D, 10, 08, ... ]

.text win32k.sys!EngGetPrinterData + 51 BF93AE13 188 Bytes [ 8B, 5D, 0C, F6, C3, 01, 74, ... ]

.text win32k.sys!EngSetPrinterData + 1 BF93AED0 108 Bytes [ 43, 04, 89, 47, 04, 83, 4D, ... ]

.text win32k.sys!EngSetPrinterData + 6E BF93AF3D 145 Bytes [ 7D, E4, 00, 0F, 8C, F5, 01, ... ]

.text win32k.sys!EngWritePrinter + 1A BF93AFCF 70 Bytes [ 03, 39, 45, 10, 76, 03, 8B, ... ]

.text win32k.sys!EngWritePrinter + 61 BF93B016 3 Bytes [ 45, E4, 9A ]

.text win32k.sys!EngWritePrinter + 66 BF93B01B 7 Bytes [ C0, EB, 5A, C7, 45, FC, 0D ]

.text win32k.sys!EngWritePrinter + 6E BF93B023 129 Bytes [ 00, 00, 8B, 45, 10, 85, C0, ... ]

.text win32k.sys!EngWritePrinter + F0 BF93B0A5 18 Bytes CALL BF857225 \SystemRoot\System32\win32k.sys

.text ...

.text win32k.sys!EngFileIoControl + 2B BF93B266 219 Bytes [ FE, 89, 46, 14, 8B, 0D, 68, ... ]

.text win32k.sys!EngGetTickCount + D3 BF93B346 75 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]

.text win32k.sys!EngGetTickCount + 11F BF93B392 50 Bytes [ 00, F6, 46, 48, 20, 57, 8B, ... ]

.text win32k.sys!EngGetTickCount + 152 BF93B3C5 15 Bytes [ 00, 85, C0, 8B, 8E, A8, 00, ... ]

.text win32k.sys!EngGetTickCount + 163 BF93B3D6 9 Bytes [ 00, 89, 4D, D0, 8B, 8E, B0, ... ]

.text win32k.sys!EngGetTickCount + 16D BF93B3E0 8 Bytes [ 89, 4D, D4, 8B, 8E, B8, 00, ... ]

.text ...

.text win32k.sys!EngHangNotification + 1B BF93DB04 20 Bytes [ 00, 00, 89, 4D, E4, 89, 4D, ... ]

.text win32k.sys!EngHangNotification + 30 BF93DB19 16 Bytes [ 6A, 0E, 59, 8B, FB, F3, AB, ... ]

.text win32k.sys!EngHangNotification + 41 BF93DB2A 134 Bytes [ 83, 65, FC, 00, F6, C2, 03, ... ]

.text win32k.sys!EngHangNotification + C8 BF93DBB1 22 Bytes [ 89, 45, DC, 8B, 7D, 0C, 33, ... ]

.text win32k.sys!EngHangNotification + DF BF93DBC8 45 Bytes [ C0, 3B, F8, 72, DA, 89, 7D, ... ]

.text ...

.text win32k.sys!EngFntCacheFault + 4F BF93E5CA 32 Bytes [ B0, D0, 02, 00, 00, B9, 80, ... ]

.text win32k.sys!EngFntCacheFault + 70 BF93E5EB 23 Bytes [ 00, 89, 88, DC, 02, 00, 00, ... ]

.text win32k.sys!EngFntCacheFault + 88 BF93E603 24 Bytes [ 8A, 88, 05, 00, 00, 89, 88, ... ]

.text win32k.sys!EngFntCacheFault + A1 BF93E61C 65 Bytes [ 8B, 3B, 6A, 5D, 81, C7, 98, ... ]

.text win32k.sys!EngFntCacheFault + E3 BF93E65E 7 Bytes [ 88, E0, 05, 00, 00, 8B, 03 ]

.text ...

.text win32k.sys!EngUnmapFile BF93E7EA 3 Bytes [ 90, 90, 90 ]

.text win32k.sys!EngUnmapFile + 4 BF93E7EE 2 Bytes [ FF, 55 ]

.text win32k.sys!EngUnmapFile + 7 BF93E7F1 32 Bytes [ EC, 81, 7D, 30, CC, CC, 00, ... ]

.text win32k.sys!EngUnmapFile + 28 BF93E812 137 Bytes [ 74, 09, 8B, 41, 0C, 8B, 80, ... ]

.text win32k.sys!EngUnmapFile + B3 BF93E89D 8 Bytes [ 00, 0F, B7, 46, 0A, 99, C1, ... ]

.text ...

.text win32k.sys!EngLoadModuleForWrite + 7 BF93EEF9 7 Bytes [ F8, B1, 01, E8, AE, 54, EE ]

.text win32k.sys!EngLoadModuleForWrite + F BF93EF01 12 Bytes [ 8B, F8, 8B, 46, 10, 8B, DA, ... ]

.text win32k.sys!EngLoadModuleForWrite + 1C BF93EF0E 6 Bytes [ 53, 57, FF, 76, 24, 99 ]

.text win32k.sys!EngMapFile + 2 BF93EF15 45 Bytes [ 76, 20, 89, 45, F0, 89, 55, ... ]

.text win32k.sys!EngMapFile + 30 BF93EF43 3 Bytes [ 76, 18, 89 ]

.text win32k.sys!EngMapFile + 34 BF93EF47 123 Bytes CALL BF800B59 \SystemRoot\System32\win32k.sys

.text win32k.sys!EngMapFile + B0 BF93EFC3 1 Byte [ 55 ]

.text win32k.sys!EngMapFile + B2 BF93EFC5 121 Bytes JMP 031FB855

.text ...

.text win32k.sys!EngGetPrinterDataFileName BF93F08A 5 Bytes [ 90, 90, 8B, FF, 55 ]

.text win32k.sys!EngGetPrinterDataFileName + 6 BF93F090 20 Bytes [ EC, 83, EC, 28, 8B, 45, 0C, ... ]

.text win32k.sys!EngGetDriverName + 4 BF93F0A5 120 Bytes [ 30, 57, 8B, 7D, 08, 8B, 07, ... ]

.text win32k.sys!EngQueryDeviceAttribute + 60 BF93F11E 6 Bytes [ 89, 86, 8C, 00, 00, 00 ]

.text win32k.sys!EngQueryDeviceAttribute + 67 BF93F125 75 Bytes [ 45, D8, 50, 8B, 45, 10, 0F, ... ]

.text win32k.sys!EngQueryDeviceAttribute + B3 BF93F171 100 Bytes [ 8D, 46, 38, 50, 8D, 46, 18, ... ]

.text win32k.sys!EngQueryDeviceAttribute + 118 BF93F1D6 8 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]

.text win32k.sys!EngQueryDeviceAttribute + 121 BF93F1DF 47 Bytes [ EC, 8B, 45, 0C, 8B, 50, 04, ... ]

.text ...

.text win32k.sys!EngPlgBlt + A0 BF941753 14 Bytes CALL BF940918 \SystemRoot\System32\win32k.sys

.text win32k.sys!EngPlgBlt + AF BF941762 33 Bytes [ EB, 26, 8B, 4E, 30, 80, A6, ... ]

.text win32k.sys!EngPlgBlt + D1 BF941784 31 Bytes [ BE, 8C, 00, 00, 00, 40, 5F, ... ]

.text win32k.sys!EngPlgBlt + F1 BF9417A4 111 Bytes [ F1, 74, 13, FF, 75, 18, FF, ... ]

.text win32k.sys!EngPlgBlt + 161 BF941814 2 Bytes [ 4E, 40 ]

.text ...

.text win32k.sys!EngSetPointerTag + 8 BF943145 6 Bytes [ 8B, FF, 55, 8B, EC, 83 ]

.text win32k.sys!EngSetPointerTag + F BF94314C 5 Bytes [ 18, 53, 8B, 5D, 08 ]

.text win32k.sys!EngSetPointerTag + 15 BF943152 66 Bytes [ 57, 8D, 43, 0C, 50, 8D, 4D, ... ]

.text win32k.sys!EngSetPointerTag + 58 BF943195 5 Bytes [ 08, 74, 11, 8D, 45 ]

.text win32k.sys!EngSetPointerTag + 5E BF94319B 11 Bytes [ 50, 8D, 45, FC, 50, 53, E8, ... ]

.text ...

.text win32k.sys!STROBJ_fxCharacterExtra + 2 BF943E95 102 Bytes [ 00, 00, 8B, 4D, FC, 8B, 7E, ... ]

.text win32k.sys!STROBJ_fxBreakExtra + 4B BF943EFC 17 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]

.text win32k.sys!STROBJ_fxBreakExtra + 5D BF943F0E 62 Bytes [ 8B, 46, 10, 8B, 0E, 89, 45, ... ]

.text win32k.sys!STROBJ_fxBreakExtra + 9C BF943F4D 24 Bytes [ 46, 24, 8B, 56, 04, 8D, 3C, ... ]

.text win32k.sys!STROBJ_fxBreakExtra + B5 BF943F66 2 Bytes [ 45, F0 ]

.text win32k.sys!STROBJ_fxBreakExtra + B8 BF943F69 62 Bytes [ 45, EC, 85, C0, 89, 7D, 08, ... ]

.text ...

.text win32k.sys!FONTOBJ_pfdg + 2 BF945448 53 Bytes JMP B694544B

.text win32k.sys!FONTOBJ_cGetAllGlyphHandles + 21 BF94547E 3 Bytes [ 83, FD, FF ]

.text win32k.sys!FONTOBJ_cGetAllGlyphHandles + 25 BF945482 81 Bytes [ 85, C0, 0F, 84, AF, FE, FF, ... ]

.text win32k.sys!FONTOBJ_pvTrueTypeFontFile + 46 BF9454D4 102 Bytes [ 7E, 34, 75, 0D, 83, 7D, 20, ... ]

.text win32k.sys!FONTOBJ_pjOpenTypeTablePointer + 2F BF94553B 5 Bytes [ 08, 8B, 81, 2C, 01 ]

.text win32k.sys!FONTOBJ_pjOpenTypeTablePointer + 35 BF945541 50 Bytes [ 00, F7, D8, 89, 45, F0, 8B, ... ]

.text win32k.sys!FONTOBJ_pwszFontFilePaths + 2E BF945574 115 Bytes [ 11, 8B, 55, 14, 89, 45, EC, ... ]


 

---- Devices - GMER 1.0.12 ----

 

Device \Driver\USBSTOR \Device000070 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77BFD60] sfsync02.sys

Device \Driver\USBSTOR \Device000071 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77BFD60] sfsync02.sys

Device \Driver\USBSTOR \Device000072 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77BFD60] sfsync02.sys

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77BFD60] sfsync02.sys

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77BFD60] sfsync02.sys

Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77BFD60] sfsync02.sys

Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77BFD60] sfsync02.sys

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77BFD60] sfsync02.sys

Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-7 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77BFD60] sfsync02.sys

Device \Driver\USBSTOR \Device000073 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77BFD60] sfsync02.sys

Device \Driver\USBSTOR \Device00006f IRP_MJ_INTERNAL_DEVICE_CONTROL [F77BFD60] sfsync02.sys

 

---- Files - GMER 1.0.12 ----

 

ADS C:\Documents and Settings\Jenni.NOM-0C9D00AA293\Local Settings\Application Data\Microsoft\Messenger\jennni89@hotmail.com\SharingMetadata\jonne_makela@hotmail.com\DFSR\Staging\CS{DAD129FA-BE6B-24A3-DDA4-329BDB929246}1\10-{DAD129FA-BE6B-24A3-DDA4-329BDB929246}-v1-{6B8AA867-8766-408D-99B5-924B50580CA2}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

 

---- EOF - GMER 1.0.12 ----

and HJK

 

Logfile of HijackThis v1.99.1

Scan saved at 19:15:03, on 2007-04-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

N:\AntiVir PersonalEdition Classic\sched.exe

N:\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

N:\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

L:\QUICKENW2002\QAGENT.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\system32\mrtMngr.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

E:\NoPick.exe

N:\FIREFOX\FIREFOX.EXE

N:\QuickZip4\QuickZip.exe

C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\QZTEMP\gmer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Compaq_Propriétaire\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avgnt] "N:\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [QAGENT] L:\QUICKENW2002\QAGENT.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174783407203

O18 - Protocol: bwz0 - {DE93EC42-9FB4-4A30-A41A-D510199B8C56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {DE93EC42-9FB4-4A30-A41A-D510199B8C56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {DE93EC42-9FB4-4A30-A41A-D510199B8C56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - N:\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - N:\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - N:\iPod\bin\iPodService.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

Thanks

Posted

Hmm! No trace of lzx32.sys

 

**E:\NoPick.exe ??? Does that ring a bell?? I have no info on it apart from one link:

http://dougmcfarlane.com/

 

**Download ATF Cleaner by Atribune to your desktop.

http://www.atribune.org/ccount/click.php?id=1

 

-Download SmitfraudFix by S!Ri to your desktop

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

-- Download http://www.malekal.com/download/clean.zip

right-click it, then "extract here"

 

-Update your AVG Anti-Spyware

 

**Run SmitfraudFix option 1 and clean.cmd option 1, and post the report

Temporarily disable your antivirus while you run SmitfraudFix

process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky...) as a RiskTool.

It is not a virus, but a utility designed to terminate processes. The same goes for malekal's clean

  • Tonton changed the title to So what is an antivirus actually for?
