-
double fetch, case 32 - case 62
DOUBLE FETCH: cr3 0xa9774000, syscall 0x12dd eip 0xfffff961a3dc59e0, user_address 0x13ee9902a60, user_data 0x0, modrm 0x1, pc 0xfffff961a3dc5a1c eip 0xfffff961a3a9b389, user_address 0x13ee9902a60, user_data 0x0, modrm 0x0, pc 0xfffff961a3a9b417 0xfffff961a3dc5a1c - 0xfffff961a3a9b417 = 32A605 1c0035a1c − 1c002c417 = 9605 win32kbase.sys 1c00359ed 48 0f 43 CMOVNC RDX,qword ptr [W32UserProbeAddress] = ?? 15 cb ea...
-
double fetch, case 5, case 6 .. case 31
case 5 DOUBLE FETCH: cr3 0xb7261000, syscall 0x88 eip 0xfffff80179c9f8e1, user_address 0x40f3efdbe8, user_data 0x1000, modrm 0x1, pc 0xfffff80179c9f99e eip 0xfffff80179c9f8e1, user_address 0x40f3efdbe8, user_data 0x1000, modrm 0x1, pc 0xfffff80179c9f9bc LAB_14041599e XREF[1]: 140415afd(j) --> 14041599e 48 8b 01 MOV RAX,qword ptr [param_1] 1404159a1 48 89 84 MOV qword ptr [RSP + local_c8],RAX...
-
double fetches ...
case 3: DOUBLE FETCH: cr3 0xb7261000, syscall 0x125 eip 0xfffff80179cb0aa3, user_address 0x40f3efe798, user_data 0x1, modrm 0x1, pc 0xfffff80179cb0aeb eip 0xfffff80179cb0aa3, user_address 0x40f3efe798, user_data 0x1, modrm 0x36, pc 0xfffff80179cb0af5 LAB_140426acf XREF[1]: 140426ac0(j) 140426acf 40 f6 c6 03 TEST SIL,0x3 140426ad3 0f 85 8e JNZ LAB_140426b67 00 00 00 --> 140426ad9 48...