u@home:~$

  • Double fetch, case 63 - case 98

    case 63
    0xfffff800a module again. Saved for later.
    DOUBLE FETCH: cr3 0x12cd41000, syscall 0x7
    eip 0xfffff800a2772a3e, user_address 0x1c4597f0a0, user_data 0x6, modrm 0x1, pc 0xfffff800a2772a5f
    eip 0xfffff800a2772a3e, user_address 0x1c4597f0a0, user_data 0x6, modrm 0x6, pc 0xfffff800a2772a8e
    case 64
    DOUBLE FETCH: cr3 0x12cd41000, syscall 0xa9
    eip 0xfffff80179d0ecec, user_address 0x1c4597f410, user_data 0xe0, modrm 0x1,...

  • NtGdiGetDIBitsInternal

    case 53 seems interesting.
    case 53
    DOUBLE FETCH: cr3 0x120c9d000, syscall 0x1087
    eip 0xfffff961a3a46f87, user_address 0x1f978d80030, user_data 0x28, modrm 0x0, pc 0xfffff961a3a46fac
    eip 0xfffff961a3a47370, user_address 0x1f978d80030, user_data 0x28, modrm 0x11, pc 0xfffff961a3a47386
    NtGdiGetDIBitsInternal
    1c0046f90 4c 89 a4 24 a0 00 00 00 MOV qword ptr [RSP + local_88],R12
    1c0046f98 48...

  • double fetch, case 32 - case 62

    DOUBLE FETCH: cr3 0xa9774000, syscall 0x12dd
    eip 0xfffff961a3dc59e0, user_address 0x13ee9902a60, user_data 0x0, modrm 0x1, pc 0xfffff961a3dc5a1c
    eip 0xfffff961a3a9b389, user_address 0x13ee9902a60, user_data 0x0, modrm 0x0, pc 0xfffff961a3a9b417
    0xfffff961a3dc5a1c - 0xfffff961a3a9b417 = 32A605
    1c0035a1c - 1c002c417 = 9605
    win32kbase.sys
    1c00359ed 48 0f 43 CMOVNC RDX,qword ptr [W32UserProbeAddress] = ?? 15 cb ea...