u@home:~$

Archive

About

RSS

  • win32k double fetches, case 0 - case 50

    case 0 need review DOUBLE FETCH: cr3 0x11ec2f000, syscall 0x1005 user_address 0x3234cfd2f0, user_data 0x80000000, modrm 0xb8, pc 0xfffff960cca34caf user_address 0x3234cfd2f0, user_data 0x80000000, modrm 0x88, pc 0xfffff960cca35035 0x34c30 1267 NtGdiFlushUserBatch Ordinal_1267 XREF[5]: Entry Point(*), 1c02f2ee0(*), NtGdiFlushUserBatch 1c0332a94(*), 1c03663f0(*), 1c037c154(*) 1c0034c30 48 89 5c MOV qword ptr [RSP + local_res8],RBX 24 08...

  • Double fetch, case 63 - case 98

    case 63 0xfffff800a moudle again. Saved for later. DOUBLE FETCH: cr3 0x12cd41000, syscall 0x7 eip 0xfffff800a2772a3e, user_address 0x1c4597f0a0, user_data 0x6, modrm 0x1, pc 0xfffff800a2772a5f eip 0xfffff800a2772a3e, user_address 0x1c4597f0a0, user_data 0x6, modrm 0x6, pc 0xfffff800a2772a8e case 64 DOUBLE FETCH: cr3 0x12cd41000, syscall 0xa9 eip 0xfffff80179d0ecec, user_address 0x1c4597f410, user_data 0xe0, modrm 0x1,...

  • NtGdiGetDIBitsInternal

    case 53 seems interesting. case 53 DOUBLE FETCH: cr3 0x120c9d000, syscall 0x1087 eip 0xfffff961a3a46f87, user_address 0x1f978d80030, user_data 0x28, modrm 0x0, pc 0xfffff961a3a46fac eip 0xfffff961a3a47370, user_address 0x1f978d80030, user_data 0x28, modrm 0x11, pc 0xfffff961a3a47386 NtGdiGetDIBitsInternal 1c0046f90 4c 89 a4 MOV qword ptr [RSP + local_88],R12 24 a0 00 00 00 1c0046f98 48...