22aa985b-5fdb-4e38-9382-a496220c27ec
TmComm.sys 
Description
TmComm.sys is a vulnerable driver and more information will be added as found.
This download link contains the vulnerable driver!
Commands
sc.exe create TmComm.sys binPath=C:\windows\temp\TmComm.sys type=kernel && sc.exe start TmComm.sys
| Use Case | Privileges | Operating System |
|---|---|---|
| Elevate privileges | kernel | Windows 10 |
Detections
YARA 🏹
Expand
with header and size limitation
without header and size limitation
for renamed driver files
Resources
Known Vulnerable Samples
| Property | Value |
|---|---|
| Filename | TmComm.sys |
| Creation Timestamp | 2018-04-09 04:08:57 |
| MD5 | 2e1f8a2a80221deb93496a861693c565 |
| SHA1 | a00e444120449e35641d58e62ed64bb9c9f518d2 |
| SHA256 | cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64 |
| Authentihash MD5 | 2d7f04ca689981b18fb8a4488e029843 |
| Authentihash SHA1 | 6c0af836a89234e9a69363495719b686fbad8d7d |
| Authentihash SHA256 | d580349730ace5170e7c33850bdcb37cbf16b70d0d1adc2568fdd223c2a55a77 |
| RichPEHeaderHash MD5 | 1ef18db502f07590b0133ea93427886b |
| RichPEHeaderHash SHA1 | 914fa70ff269481ce7c8e767d0e276b77de8e7af |
| RichPEHeaderHash SHA256 | 704350b0e89fb3277a7ba93465a4cdcd8b21bbab537ec95548227dbe1d735ac2 |
| Company | Trend Micro Inc. |
| Description | TrendMicro Common Module |
| Product | Trend Micro Eyes |
| OriginalFilename | TmComm.sys |
Certificates
Expand
Certificate 7e93ebfb7cc64e59ea4b9a77d406fc3b
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | d0785ad36e427c92b19f6826ab1e8020 |
| ToBeSigned (TBS) SHA1 | 365b7a9c21bd9373e49052c3e7b3e4646ddd4d43 |
| ToBeSigned (TBS) SHA256 | c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2 |
| ValidFrom | 2012-12-21 00:00:00 |
| ValidTo | 2020-12-30 23:59:59 |
| Signature | 03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 7e93ebfb7cc64e59ea4b9a77d406fc3b |
| Version | 3 |
Certificate 0ecff438c8febf356e04d86a981b1a50
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | e9d38360b914c8863f6cba3ee58764d3 |
| ToBeSigned (TBS) SHA1 | 4cba8eae47b6bf76f20b3504b98b8f062694a89b |
| ToBeSigned (TBS) SHA256 | 88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976 |
| Subject | C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4 |
| ValidFrom | 2012-10-18 00:00:00 |
| ValidTo | 2020-12-29 23:59:59 |
| Signature | 783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 0ecff438c8febf356e04d86a981b1a50 |
| Version | 3 |
Certificate 497c4fad471540e6e453d0cafb155740
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 78eaa337666217b1c16a9a0ebd0b8434 |
| ToBeSigned (TBS) SHA1 | ff9cb835e78f6185eed4372096c3bae53b17d18d |
| ToBeSigned (TBS) SHA256 | 1c0d9746725e176b4a7c2852878f14d7587f58e65d346bc1247f1c8ee6374250 |
| Subject | C=TW, ST=Taiwan, L=Taipei, O=Trend Micro, Inc., CN=Trend Micro, Inc. |
| ValidFrom | 2017-04-27 00:00:00 |
| ValidTo | 2018-07-16 23:59:59 |
| Signature | f3b20c020c826fd9e2629408ffc97c9e245959d1050c9ce7708069d366d26af191812e16fce674eaca0d8f05b2a796280831737299800d2bfe0071efecf655117b7952a4d7c0701b97de034a1d42e928fd1a2082b081f9d22e9d39af3233cf05c1e61ae1f8fbfec872e78d9a0b29b4f147f1a053d1757a824601df2bb07c75c591fe7efbaf0021764b90cd446f85f80d14bc2cd42c83edfa7d2510f8f94c82d1b3ea999b1cff9093291977c7e996dc32904d3934f167077684ff76aa5327654a0bd7223d9d67657b47c5b46012dca6723d89e7fa051b3380d0c4977b9df537e75da3186ab149b27c089715a01bd695f408f7ded66bfbe920d27a6f6a7d4cc8b3 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | False |
| SerialNumber | 497c4fad471540e6e453d0cafb155740 |
| Version | 3 |
Certificate 611993e400000000001c
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | 78a717e082dcc1cda3458d917e677d14 |
| ToBeSigned (TBS) SHA1 | 4a872e0e51f9b304469cd1dedb496ee9b8b983a4 |
| ToBeSigned (TBS) SHA256 | 317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8 |
| Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5 |
| ValidFrom | 2011-02-22 19:25:17 |
| ValidTo | 2021-02-22 19:35:17 |
| Signature | 812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 611993e400000000001c |
| Version | 3 |
Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
| Field | Value |
|---|---|
| ToBeSigned (TBS) MD5 | b30c31a572b0409383ed3fbe17e56e81 |
| ToBeSigned (TBS) SHA1 | 4843a82ed3b1f2bfbee9671960e1940c942f688d |
| ToBeSigned (TBS) SHA256 | 03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9 |
| Subject | C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA |
| ValidFrom | 2010-02-08 00:00:00 |
| ValidTo | 2020-02-07 23:59:59 |
| Signature | 5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3 |
| SignatureAlgorithmOID | 1.2.840.113549.1.1.5 |
| IsCertificateAuthority | True |
| SerialNumber | 5200e5aa2556fc1a86ed96c9d44b33c7 |
| Version | 3 |
Imports
Expand
- ntoskrnl.exe
Imported Functions
Expand
- RtlInitUnicodeString
- KeInitializeEvent
- KeClearEvent
- KeSetEvent
- KeEnterCriticalRegion
- KeLeaveCriticalRegion
- KeWaitForSingleObject
- ExFreePoolWithTag
- ExAcquireFastMutexUnsafe
- ExReleaseFastMutexUnsafe
- ProbeForRead
- ProbeForWrite
- ExAcquireResourceSharedLite
- ExAcquireResourceExclusiveLite
- ExReleaseResourceLite
- MmProbeAndLockPages
- MmUnlockPages
- MmMapLockedPagesSpecifyCache
- IoAllocateMdl
- IoFreeMdl
- IoGetCurrentProcess
- ObfReferenceObject
- ObfDereferenceObject
- ZwClose
- ZwCreateSection
- ZwOpenSection
- ZwMapViewOfSection
- ZwUnmapViewOfSection
- ZwOpenEvent
- KePulseEvent
- KeStackAttachProcess
- KeUnstackDetachProcess
- ObOpenObjectByPointer
- ZwAllocateVirtualMemory
- ZwFreeVirtualMemory
- ZwSetEvent
- __C_specific_handler
- PsProcessType
- wcslen
- wcsncpy
- wcsrchr
- RtlUnicodeStringToInteger
- ZwWaitForSingleObject
- ZwRequestWaitReplyPort
- ZwConnectPort
- _stricmp
- ExAllocatePoolWithTag
- MmIsAddressValid
- RtlImageNtHeader
- ZwQuerySystemInformation
- SeCaptureSubjectContext
- SeReleaseSubjectContext
- SeAccessCheck
- ObGetObjectSecurity
- ObReleaseObjectSecurity
- PsGetProcessExitTime
- PsThreadType
- MmSectionObjectType
- RtlCreateSecurityDescriptor
- RtlSetDaclSecurityDescriptor
- KeInitializeSemaphore
- KeReleaseSemaphore
- ExAcquireFastMutex
- ExReleaseFastMutex
- RtlCreateAcl
- RtlAddAccessAllowedAce
- RtlLengthRequiredSid
- RtlInitializeSid
- RtlSubAuthoritySid
- KeDelayExecutionThread
- ExGetPreviousMode
- DbgPrint
- swprintf
- RtlCopyUnicodeString
- IofCompleteRequest
- IoCreateSymbolicLink
- IoDeleteDevice
- IoDeleteSymbolicLink
- ObReferenceObjectByHandle
- PsGetCurrentProcessId
- ZwCreateEvent
- ExEventObjectType
- _wcsnicmp
- PsSetCreateProcessNotifyRoutine
- ZwQueryInformationProcess
- PsLookupProcessByProcessId
- ZwOpenDirectoryObject
- ExInitializeResourceLite
- ExDeleteResourceLite
- ZwCreateFile
- ZwQueryInformationFile
- ZwSetInformationFile
- ZwReadFile
- ZwWriteFile
- towupper
- MmGetSystemRoutineAddress
- ObReferenceObjectByPointer
- PsGetCurrentThreadId
- ObQueryNameString
- PsGetVersion
- _snprintf
- _vsnprintf
- RtlInitAnsiString
- wcscat
- RtlFreeUnicodeString
- RtlTimeToTimeFields
- KeWaitForMultipleObjects
- ExSystemTimeToLocalTime
- ZwCreateKey
- ZwDeviceIoControlFile
- ZwNotifyChangeKey
- ZwOpenFile
- ZwQueryVolumeInformationFile
- mbstowcs
- IoGetDeviceObjectPointer
- IoBuildDeviceIoControlRequest
- IofCallDriver
- IoCreateFile
- RtlEqualUnicodeString
- RtlAppendUnicodeStringToString
- RtlUpcaseUnicodeChar
- _snwprintf
- strlen
- _strnicmp
- strncpy
- NtOpenProcess
- NtQueryInformationProcess
- ObOpenObjectByName
- KeSetPriorityThread
- PsCreateSystemThread
- PsTerminateSystemThread
- KeNumberProcessors
- RtlLengthSecurityDescriptor
- ZwOpenKey
- ZwDeleteKey
- ZwDeleteValueKey
- ZwEnumerateKey
- ZwEnumerateValueKey
- ZwQueryKey
- ZwQueryValueKey
- ZwSetValueKey
- ZwTerminateProcess
- ZwOpenProcess
- ZwDuplicateObject
- ZwQuerySecurityObject
- ZwSetSecurityObject
- ZwQueryDirectoryObject
- ZwQueryDirectoryFile
- NtCreateFile
- NtQueryInformationFile
- NtSetInformationFile
- IoFileObjectType
- ObInsertObject
- wcschr
- wcsncmp
- RtlQueryRegistryValues
- RtlAppendUnicodeToString
- RtlCompareMemory
- MmBuildMdlForNonPagedPool
- IoAllocateIrp
- IoFreeIrp
- ZwOpenSymbolicLinkObject
- ZwQuerySymbolicLinkObject
- RtlUpcaseUnicodeString
- NtClose
- ZwSetInformationObject
- SeQueryAuthenticationIdToken
- MmSystemRangeStart
- IoGetFileObjectGenericMapping
- ObCreateObject
- SeCreateAccessState
- IoAcquireVpbSpinLock
- IoReleaseVpbSpinLock
- wcstombs
- strncat
- wcsncat
- RtlUnicodeStringToAnsiString
- RtlFreeAnsiString
- strcpy
- wcsstr
- RtlCompareUnicodeString
- KeAcquireSpinLockRaiseToDpc
- KeReleaseSpinLock
- ExAllocatePool
- ExpInterlockedPopEntrySList
- IoBuildSynchronousFsdRequest
- IoGetStackLimits
- IoGetDeviceInterfaces
- IoRegisterPlugPlayNotification
- IoUnregisterPlugPlayNotification
- IoGetConfigurationInformation
- FsRtlIsNameInExpression
- IoDeviceObjectType
- IoCreateDevice
- RtlGetOwnerSecurityDescriptor
- RtlGetDaclSecurityDescriptor
- RtlGetGroupSecurityDescriptor
- RtlGetSaclSecurityDescriptor
- SeCaptureSecurityDescriptor
- RtlLengthSid
- SeExports
- IoIsWdmVersionAvailable
- RtlAbsoluteToSelfRelativeSD
- RtlAnsiStringToUnicodeString
- _purecall
- KeBugCheckEx
Exported Functions
Expand
- ??0CAutoUpdateConfigThread@@QEAA@AEBV0@@Z
- ??0CAutoUpdateConfigThread@@QEAA@PEAU_UNICODE_STRING@@P6AX0PEAX@Z1@Z
- ??0CBlobConfig@@QEAA@AEBV0@@Z
- ??0CBlobConfig@@QEAA@K@Z
- ??0CContext@@QEAA@AEBV0@@Z
- ??0CContext@@QEAA@KP6AJPEAU_EVENT_REPORT@@PEAXPEAU_TMCE_REPORT@@PEAU_TMCE_FEEDBACK@@@Z1K@Z
- ??0CContextList@@QEAA@AEBV0@@Z
- ??0CContextList@@QEAA@KPEAVIMemoryAllocator@@@Z
- ??0CDebugLog@@QEAA@AEBV0@@Z
- ??0CDebugLog@@QEAA@PEBG@Z
- ??0CDebugLogEx@@QEAA@AEBV0@@Z
- ??0CDebugLogEx@@QEAA@K@Z
- ??0CDelayLoadThread@@QEAA@AEBV0@@Z
- ??0CDelayLoadThread@@QEAA@XZ
- ??0CExclusionExtConfig@@QEAA@AEBV0@@Z
- ??0CExclusionExtConfig@@QEAA@KKE@Z
- ??0CExclusionFileNameConfig@@QEAA@AEBV0@@Z
- ??0CExclusionFileNameConfig@@QEAA@KK@Z
- ??0CExclusionFilePathConfig@@QEAA@AEBV0@@Z
- ??0CExclusionFilePathConfig@@QEAA@KK@Z
- ??0CExclusionFolderConfig@@QEAA@AEBV0@@Z
- ??0CExclusionFolderConfig@@QEAA@KK@Z
- ??0CExclusionRegistryConfig@@QEAA@AEBV0@@Z
- ??0CExclusionRegistryConfig@@QEAA@KK@Z
- ??0CFile@@QEAA@AEBV0@@Z
- ??0CFile@@QEAA@E@Z
- ??0CFileExtension@@QEAA@AEBV0@@Z
- ??0CFileExtension@@QEAA@KEEPEAVIMemoryAllocator@@@Z
- ??0CInclusionExtConfig@@QEAA@AEBV0@@Z
- ??0CInclusionExtConfig@@QEAA@KKE@Z
- ??0CInclusionFileNameConfig@@QEAA@AEBV0@@Z
- ??0CInclusionFileNameConfig@@QEAA@KK@Z
- ??0CInclusionFilePathConfig@@QEAA@AEBV0@@Z
- ??0CInclusionFilePathConfig@@QEAA@KK@Z
- ??0CInclusionFolderConfig@@QEAA@AEBV0@@Z
- ??0CInclusionFolderConfig@@QEAA@KK@Z
- ??0CKEvent@@QEAA@AEBV0@@Z
- ??0CKEvent@@QEAA@W4_EVENT_TYPE@@E@Z
- ??0CList@@QEAA@AEBV0@@Z
- ??0CList@@QEAA@KPEAVIMemoryAllocator@@@Z
- ??0CLockEvent@@QEAA@AEBV0@@Z
- ??0CLockEvent@@QEAA@XZ
- ??0CLockList@@QEAA@AEBV0@@Z
- ??0CLockList@@QEAA@KKPEAVIMemoryAllocator@@@Z
- ??0CMemoryAllocator@@IEAA@W4_POOL_TYPE@@K@Z
- ??0CMemoryAllocator@@QEAA@AEBV0@@Z
- ??0CMemoryPoolAllocator@@IEAA@W4_POOL_TYPE@@_K1K@Z
- ??0CMemoryPoolAllocator@@QEAA@AEBV0@@Z
- ??0CModuleConfig@@QEAA@AEBV0@@Z
- ??0CModuleConfig@@QEAA@XZ
- ??0CModuleConfigList@@QEAA@AEBV0@@Z
- ??0CModuleConfigList@@QEAA@KPEAVIMemoryAllocator@@@Z
- ??0CModuleFileExtConfig@@QEAA@AEBV0@@Z
- ??0CModuleFileExtConfig@@QEAA@KKE@Z
- ??0CModuleFlagConfig@@QEAA@AEBV0@@Z
- ??0CModuleFlagConfig@@QEAA@K@Z
- ??0CModuleMultiStringConfig@@QEAA@AEBV0@@Z
- ??0CModuleMultiStringConfig@@QEAA@KK@Z
- ??0CModuleStringConfig@@QEAA@AEBV0@@Z
- ??0CModuleStringConfig@@QEAA@K@Z
- ??0CNoLockList@@QEAA@AEBV0@@Z
- ??0CNoLockList@@QEAA@KKPEAVIMemoryAllocator@@@Z
- ??0CSmartLock@@QEAA@AEAVCLockEvent@@@Z
- ??0CSmartLock@@QEAA@XZ
- ??0CSmartReference@@QEAA@AEAJ@Z
- ??0CSmartReference@@QEAA@AEAK@Z
- ??0CSmartResource@@QEAA@AEAVCResource@@E@Z
- ??0CStrList@@QEAA@AEBV0@@Z
- ??0CStrList@@QEAA@KPEAVIMemoryAllocator@@@Z
- ??0CSystemThread@@QEAA@AEBV0@@Z
- ??0CSystemThread@@QEAA@K@Z
- ??0CUserFuncAdapterJob@@QEAA@AEBV0@@Z
- ??0CUserFuncAdapterJob@@QEAA@P6AXPEAX@Z01@Z
- ??0CWorkerThread@@IEAA@PEAVCWorkerThreadJobQueue@@@Z
- ??0CWorkerThread@@QEAA@AEBV0@@Z
- ??0CWorkerThreadJob@@QEAA@AEBV0@@Z
- ??0CWorkerThreadJob@@QEAA@E@Z
- ??0CWorkerThreadJobQueue@@QEAA@AEBV0@@Z
- ??0CWorkerThreadJobQueue@@QEAA@K@Z
- ??0CWorkerThreadPool@@QEAA@AEBV0@@Z
- ??0CWorkerThreadPool@@QEAA@K@Z
- ??0CWorkerThreadPoolEx@@QEAA@AEBV0@@Z
- ??0CWorkerThreadPoolEx@@QEAA@KK@Z
- ??0IMemoryAllocator@@QEAA@AEBV0@@Z
- ??0IMemoryAllocator@@QEAA@XZ
- ??1CAutoUpdateConfigThread@@UEAA@XZ
- ??1CBlobConfig@@UEAA@XZ
- ??1CContext@@UEAA@XZ
- ??1CContextList@@UEAA@XZ
- ??1CDebugLog@@UEAA@XZ
- ??1CDebugLogEx@@UEAA@XZ
- ??1CDelayLoadThread@@UEAA@XZ
- ??1CExclusionExtConfig@@UEAA@XZ
- ??1CExclusionFileNameConfig@@UEAA@XZ
- ??1CExclusionFilePathConfig@@UEAA@XZ
- ??1CExclusionFolderConfig@@UEAA@XZ
- ??1CExclusionRegistryConfig@@UEAA@XZ
- ??1CFile@@UEAA@XZ
- ??1CFileExtension@@UEAA@XZ
- ??1CInclusionExtConfig@@UEAA@XZ
- ??1CInclusionFileNameConfig@@UEAA@XZ
- ??1CInclusionFilePathConfig@@UEAA@XZ
- ??1CInclusionFolderConfig@@UEAA@XZ
- ??1CKEvent@@UEAA@XZ
- ??1CList@@UEAA@XZ
- ??1CLockEvent@@UEAA@XZ
- ??1CLockList@@UEAA@XZ
- ??1CMemoryAllocator@@UEAA@XZ
- ??1CMemoryPoolAllocator@@UEAA@XZ
- ??1CModuleConfig@@UEAA@XZ
- ??1CModuleConfigList@@UEAA@XZ
- ??1CModuleFileExtConfig@@UEAA@XZ
- ??1CModuleFlagConfig@@UEAA@XZ
- ??1CModuleMultiStringConfig@@UEAA@XZ
- ??1CModuleStringConfig@@UEAA@XZ
- ??1CNoLockList@@UEAA@XZ
- ??1CSmartLock@@QEAA@XZ
- ??1CSmartReference@@QEAA@XZ
- ??1CSmartResource@@QEAA@XZ
- ??1CStrList@@UEAA@XZ
- ??1CSystemThread@@UEAA@XZ
- ??1CUserFuncAdapterJob@@UEAA@XZ
- ??1CWorkerThread@@UEAA@XZ
- ??1CWorkerThreadJob@@UEAA@XZ
- ??1CWorkerThreadJobQueue@@UEAA@XZ
- ??1CWorkerThreadPool@@UEAA@XZ
- ??1CWorkerThreadPoolEx@@UEAA@XZ
- ??1IMemoryAllocator@@UEAA@XZ
- ??2@YAPEAX_KPEAVIMemoryAllocator@@PEBDK@Z
- ??2CMemoryAllocator@@SAPEAX_K@Z
- ??2CMemoryPoolAllocator@@SAPEAX_K@Z
- ??3@YAXPEAX@Z
- ??3@YAXPEAX_K@Z
- ??3IMemoryAllocator@@SAXPEAX@Z
- ??4CAutoUpdateConfigThread@@QEAAAEAV0@AEBV0@@Z
- ??4CBlobConfig@@QEAAAEAV0@AEBV0@@Z
- ??4CContext@@QEAAAEAV0@AEBV0@@Z
- ??4CDebugLog@@QEAAAEAV0@AEBV0@@Z
- ??4CDebugLogEx@@QEAAAEAV0@AEBV0@@Z
- ??4CDelayLoadThread@@QEAAAEAV0@AEBV0@@Z
- ??4CFile@@QEAAAEAV0@AEBV0@@Z
- ??4CKEvent@@QEAAAEAV0@AEBV0@@Z
- ??4CLockEvent@@QEAAAEAV0@AEBV0@@Z
- ??4CMemoryAllocator@@QEAAAEAV0@AEBV0@@Z
- ??4CMemoryPoolAllocator@@QEAAAEAV0@AEBV0@@Z
- ??4CModuleConfig@@QEAAAEAV0@AEBV0@@Z
- ??4CModuleFlagConfig@@QEAAAEAV0@AEBV0@@Z
- ??4CModuleStringConfig@@QEAAAEAV0@AEBV0@@Z
- ??4CSmartLock@@QEAAAEAV0@AEBV0@@Z
- ??4CSmartLock@@QEAAAEBV0@AEAVCLockEvent@@@Z
- ??4CSmartResource@@QEAAAEAV0@AEBV0@@Z
- ??4CSystemThread@@QEAAAEAV0@AEBV0@@Z
- ??4CUserFuncAdapterJob@@QEAAAEAV0@AEBV0@@Z
- ??4CWorkerThread@@QEAAAEAV0@AEBV0@@Z
- ??4CWorkerThreadJob@@QEAAAEAV0@AEBV0@@Z
- ??4IMemoryAllocator@@QEAAAEAV0@AEBV0@@Z
- ??_7CAutoUpdateConfigThread@@6B@
- ??_7CBlobConfig@@6B@
- ??_7CContext@@6B@
- ??_7CContextList@@6B@
- ??_7CDebugLog@@6B@
- ??_7CDebugLogEx@@6B@
- ??_7CDelayLoadThread@@6B@
- ??_7CExclusionExtConfig@@6B@
- ??_7CExclusionFileNameConfig@@6B@
- ??_7CExclusionFilePathConfig@@6B@
- ??_7CExclusionFolderConfig@@6B@
- ??_7CExclusionRegistryConfig@@6B@
- ??_7CFile@@6B@
- ??_7CFileExtension@@6B@
- ??_7CInclusionExtConfig@@6B@
- ??_7CInclusionFileNameConfig@@6B@
- ??_7CInclusionFilePathConfig@@6B@
- ??_7CInclusionFolderConfig@@6B@
- ??_7CKEvent@@6B@
- ??_7CList@@6B@
- ??_7CLockEvent@@6B@
- ??_7CLockList@@6B@
- ??_7CMemoryAllocator@@6B@
- ??_7CMemoryPoolAllocator@@6B@
- ??_7CModuleConfig@@6B@
- ??_7CModuleConfigList@@6B@
- ??_7CModuleFileExtConfig@@6B@
- ??_7CModuleFlagConfig@@6B@
- ??_7CModuleMultiStringConfig@@6B@
- ??_7CModuleStringConfig@@6B@
- ??_7CNoLockList@@6B@
- ??_7CStrList@@6B@
- ??_7CSystemThread@@6B@
- ??_7CUserFuncAdapterJob@@6B@
- ??_7CWorkerThread@@6B@
- ??_7CWorkerThreadJob@@6B@
- ??_7CWorkerThreadJobQueue@@6B@
- ??_7CWorkerThreadPool@@6B@
- ??_7CWorkerThreadPoolEx@@6B@
- ??_7IMemoryAllocator@@6B@
- ??_FCContextList@@QEAAXXZ
- ??_FCFile@@QEAAXXZ
- ??_FCFileExtension@@QEAAXXZ
- ??_FCModuleConfigList@@QEAAXXZ
- ??_FCStrList@@QEAAXXZ
- ??_FCSystemThread@@QEAAXXZ
- ??_FCWorkerThread@@QEAAXXZ
- ??_FCWorkerThreadJob@@QEAAXXZ
- ??_FCWorkerThreadJobQueue@@QEAAXXZ
- ??_U@YAPEAX_KPEAVIMemoryAllocator@@PEBDK@Z
- ??_V@YAXPEAX@Z
- ??_V@YAXPEAX_K@Z
- ?Acquire@CLockEvent@@QEAAXXZ
- ?Add@CContextList@@QEAAEPEAVCContext@@@Z
- ?Add@CFileExtension@@QEAAEPEBGK@Z
- ?Add@CModuleConfigList@@QEAAEPEAVCModuleConfig@@@Z
- ?Add@CStrList@@QEAAEPEBG@Z
- ?AddNode@CLockList@@UEAAEQEAXE@Z
- ?AddNode@CNoLockList@@UEAAEQEAXE@Z
- ?Alloc@CMemoryAllocator@@UEAAPEAX_KPEBDK@Z
- ?Alloc@CMemoryPoolAllocator@@UEAAPEAX_KPEBDK@Z
- ?AllocBlock@CMemoryPoolAllocator@@IEAAPEAX_K@Z
- ?AttachJobQueue@CWorkerThread@@QEAAXPEAVCWorkerThreadJobQueue@@@Z
- ?Cancel@CWorkerThreadJob@@QEAAXXZ
- ?CheckNode@CLockList@@UEAAHQEAX@Z
- ?CheckNode@CNoLockList@@UEAAHQEAX@Z
- ?CleanQueue@CWorkerThreadJobQueue@@QEAAXXZ
- ?Cleanup@CBlobConfig@@AEAAXXZ
- ?Cleanup@CModuleFileExtConfig@@IEAAXXZ
- ?Cleanup@CModuleMultiStringConfig@@IEAAXXZ
- ?Cleanup@CModuleStringConfig@@AEAAXXZ
- ?Close@CFile@@QEAAJXZ
- ?Count@CLockList@@QEAAKXZ
- ?Count@CNoLockList@@QEAAKXZ
- ?Create@CFile@@QEAAJPEBGKKKK@Z
- ?Create@CSystemThread@@QEAAEXZ
- ?CreateInstance@CMemoryAllocator@@SAPEAV1@W4_POOL_TYPE@@K@Z
- ?CreateInstance@CMemoryPoolAllocator@@SAPEAV1@W4_POOL_TYPE@@_K1K@Z
- ?CreatePool@CWorkerThreadPool@@QEAAEXZ
- ?CreatePool@CWorkerThreadPoolEx@@QEAAEXZ
- ?CreateThreads@CWorkerThreadPool@@QEAAEK@Z
- ?CreateThreads@CWorkerThreadPoolEx@@QEAAEK@Z
- ?CreateWIRP@CFile@@QEAAJPEBGKKKK@Z
- ?Delete@CFile@@QEAAJXZ
- ?Delete@CFileExtension@@QEAAEPEBGK@Z
- ?Delete@CStrList@@QEAAEPEBG@Z
- ?DeleteAll@CList@@UEAAXXZ
- ?DeleteAll@CLockList@@UEAAXXZ
- ?DeleteAll@CNoLockList@@UEAAXXZ
- ?DeleteNode@CContextList@@MEAAXPEAX@Z
- ?DeleteNode@CList@@UEAAXPEAX@Z
- ?DeleteNode@CModuleConfigList@@MEAAXPEAX@Z
- ?DeleteNode@CStrList@@EEAAXPEAU_STR_LIST_NODE@1@@Z
- ?DisableWriteProtectFromCR0@@YAXPEAPEAX@Z
- ?DoIt@CWorkerThreadJob@@QEAAJXZ
- ?EntryPoint@CSystemThread@@KAXPEAX@Z
- ?Find@CContextList@@QEAAPEAVCContext@@K@Z
- ?Find@CContextList@@QEAAPEAVCContext@@PEAX@Z
- ?Find@CFileExtension@@QEAAPEAU_STR_LIST_NODE@CStrList@@PEBGK@Z
- ?Find@CModuleConfigList@@QEAAPEAVCModuleConfig@@K@Z
- ?Find@CStrList@@QEAAPEAU_STR_LIST_NODE@1@PEBG@Z
- ?FindNode@CContextList@@IEAAPEAXPEAX@Z
- ?FindPartiallyAndAllMatch@CStrList@@QEAAPEAU_STR_LIST_NODE@1@PEBG@Z
- ?FinishFunction@CUserFuncAdapterJob@@MEAAXXZ
- ?FinishIt@CWorkerThreadJob@@QEAAJXZ
- ?First@CList@@UEAAPEAXXZ
- ?First@CLockList@@UEAAPEAXXZ
- ?First@CNoLockList@@UEAAPEAXXZ
- ?Free@CMemoryAllocator@@UEAAXPEAX@Z
- ?Free@CMemoryPoolAllocator@@UEAAXPEAX@Z
- ?GetAttributes@CFile@@QEAAKXZ
- ?GetBasicInfomration@CFile@@IEAAJXZ
- ?GetBlobCofig@CContext@@UEAAJKPEAXPEAK@Z
- ?GetCategory@CContext@@QEAAKXZ
- ?GetData@CBlobConfig@@QEAAHPEAXPEAK@Z
- ?GetData@CModuleFileExtConfig@@QEAAHPEAGPEAK@Z
- ?GetData@CModuleFileExtConfig@@QEAAPEAVCFileExtension@@XZ
- ?GetData@CModuleFlagConfig@@QEAAKXZ
- ?GetData@CModuleMultiStringConfig@@QEAAHPEAGPEAK@Z
- ?GetData@CModuleMultiStringConfig@@QEAAPEAVCStrList@@XZ
- ?GetData@CModuleStringConfig@@QEAAPEAGXZ
- ?GetData@CStrList@@QEAAEPEAGPEAK@Z
- ?GetDataType@CModuleConfig@@QEAAKXZ
- ?GetEngineContext@CContext@@QEAAPEAXXZ
- ?GetFileExtensionConfig@CContext@@QEAAPEAVCFileExtension@@K@Z
- ?GetFileExtensionConfig@CContext@@UEAAJKPEAGPEAK@Z
- ?GetFileSize@CFile@@QEAAJPEAT_LARGE_INTEGER@@@Z
- ?GetFileSizeWIRP@CFile@@QEAAJPEAT_LARGE_INTEGER@@@Z
- ?GetFlagConfig@CContext@@UEAAJKPEAK@Z
- ?GetID@CModuleConfig@@QEAAKXZ
- ?GetJob@CWorkerThreadJobQueue@@QEAAPEAVCWorkerThreadJob@@XZ
- ?GetLength@CModuleStringConfig@@QEAAKXZ
- ?GetLinkContext@CContext@@QEAAPEAXXZ
- ?GetLogFlag@CDebugLog@@QEAAKXZ
- ?GetLogFlag@CDebugLogEx@@QEAAKXZ
- ?GetModuleId@CModuleConfig@@QEAAKXZ
- ?GetMultiStringConfig@CContext@@QEAAPEAVCStrList@@K@Z
- ?GetMultiStringConfig@CContext@@UEAAJKPEAGPEAK@Z
- ?GetOneThreadTEB@CWorkerThreadPool@@QEAAPEAU_ETHREAD@@XZ
- ?GetOneThreadTEB@CWorkerThreadPool@@QEAAPEAU_KTHREAD@@XZ
- ?GetOneThreadTEB@CWorkerThreadPoolEx@@QEAAPEAU_ETHREAD@@XZ
- ?GetOneThreadTEB@CWorkerThreadPoolEx@@QEAAPEAU_KTHREAD@@XZ
- ?GetReportCallBackRoutine@CContext@@QEAA_KXZ
- ?GetSize@CBlobConfig@@QEAAKXZ
- ?GetStringConfig@CContext@@QEAAPEAGK@Z
- ?GetStringConfig@CContext@@UEAAJKPEAGPEAK@Z
- ?GetThreadCount@CWorkerThreadPool@@QEAAKXZ
- ?GetThreadCount@CWorkerThreadPoolEx@@QEAAKXZ
- ?GetThreadID@CSystemThread@@QEAA_KXZ
- ?GetType@CContext@@QEAAKXZ
- ?GetUserParameter@CContext@@QEAA_KXZ
- ?InitProcMon@CDebugLogEx@@IEAAXXZ
- ?InitializeBlobConfig@CContext@@QEAAHKPEAXK@Z
- ?InitializeFileExtensionConfig@CContext@@QEAAHKPEBG@Z
- ?InitializeFlagConfig@CContext@@QEAAHKK@Z
- ?InitializeMultiStringConfig@CContext@@QEAAHKPEBG@Z
- ?InitializeStringConfig@CContext@@QEAAHKPEBG@Z
- ?Insert@CList@@UEAAXQEAXE@Z
- ?Insert@CLockList@@UEAAXQEAXE@Z
- ?Insert@CNoLockList@@UEAAXQEAXE@Z
- ?InsertAfter@CList@@UEAAXPEAX0@Z
- ?InsertBefore@CList@@UEAAXPEAX0@Z
- ?Instance@CWorkerThreadPool@@SAPEAV1@XZ
- ?IsEmpty@CList@@UEAAEXZ
- ?IsEmpty@CLockList@@UEAAEXZ
- ?IsEmpty@CNoLockList@@UEAAEXZ
- ?IsExceedLimitation@CMemoryPoolAllocator@@IEAAEK@Z
- ?IsFull@CLockList@@QEBAEXZ
- ?IsFull@CNoLockList@@QEBAEXZ
- ?IsInExclusionList@CExclusionExtConfig@@QEAAEPEBG@Z
- ?IsInExclusionList@CExclusionFileNameConfig@@QEAAEPEBG@Z
- ?IsInExclusionList@CExclusionFilePathConfig@@QEAAEPEBG@Z
- ?IsInExclusionList@CExclusionFolderConfig@@QEAAEPEBG@Z
- ?IsInExclusionList@CExclusionRegistryConfig@@QEAAEPEBG@Z
- ?IsInInclusionList@CInclusionExtConfig@@QEAAEPEBG@Z
- ?IsInInclusionList@CInclusionFileNameConfig@@QEAAEPEBG@Z
- ?IsInInclusionList@CInclusionFilePathConfig@@QEAAEPEBG@Z
- ?IsInInclusionList@CInclusionFolderConfig@@QEAAEPEBG@Z
- ?IsOpened@CFile@@QEAAEXZ
- ?IsTerminated@CWorkerThreadPool@@QEAAEXZ
- ?IsTerminated@CWorkerThreadPoolEx@@QEAAEXZ
- ?IsValid@CMemoryAllocator@@UEAAEXZ
- ?IsValid@CMemoryPoolAllocator@@UEAAEXZ
- ?IsValid@IMemoryAllocator@@UEAAEXZ
- ?IsWorkerThread@CWorkerThreadPool@@QEAAE_K@Z
- ?IsWorkerThread@CWorkerThreadPoolEx@@QEAAE_K@Z
- ?JobFunction@CUserFuncAdapterJob@@MEAAXXZ
- ?JobQueue@CWorkerThreadPool@@QEAAAEAVCWorkerThreadJobQueue@@XZ
- ?JobQueue@CWorkerThreadPoolEx@@QEAAAEAVCWorkerThreadJobQueue@@XZ
- ?Limit@CLockList@@QEAAKXZ
- ?Limit@CNoLockList@@QEAAKXZ
- ?MatchAllExtensions@CFileExtension@@QEAAEXZ
- ?MatchNoExtensions@CFileExtension@@QEAAEXZ
- ?MergeLeft@CMemoryPoolAllocator@@IEAAPEAXPEAX@Z
- ?MergeRight@CMemoryPoolAllocator@@IEAAPEAXPEAX@Z
- ?NeedDelete@CWorkerThreadJob@@QEAAEXZ
- ?NeedDeleteWhenFinish@CWorkerThreadJob@@QEAAXE@Z
- ?NewNode@CList@@UEAAPEAXXZ
- ?NewNode@CStrList@@EEAAPEAXXZ
- ?NewNodeVariant@CList@@IEAAPEAXK@Z
- ?Next@CList@@UEBAPEAXQEAX@Z
- ?Next@CLockList@@UEBAPEAXQEAX@Z
- ?Next@CNoLockList@@UEBAPEAXQEAX@Z
- ?NextPool@CMemoryPoolAllocator@@QEAAPEAV1@XZ
- ?NotityTerminate@CWorkerThread@@QEAAXXZ
- ?PostJobToWorkerThread@CWorkerThreadPool@@QEAAJP6AXPEAX@Z0E@Z
- ?PostJobToWorkerThread@CWorkerThreadPoolEx@@QEAAJP6AXPEAX@Z0E1@Z
- ?Pulse@CKEvent@@QEAAJJE@Z
- ?QueueJob@CWorkerThreadJobQueue@@QEAAEPEAVCWorkerThreadJob@@@Z
- ?QueueJobItem@CWorkerThreadPool@@QEAAJPEAVCWorkerThreadJob@@@Z
- ?QueueJobItem@CWorkerThreadPoolEx@@QEAAJPEAVCWorkerThreadJob@@@Z
- ?RCMInstance@CWorkerThreadPool@@SAPEAV1@XZ
- ?Read@CFile@@QEAAJPEADKPEAK@Z
- ?ReadWIRP@CFile@@QEAAJPEADKPEAK@Z
- ?ReferenceCount@CContext@@QEAAAEAKXZ
- ?Release@CLockEvent@@QEAAXXZ
- ?Remove@CContextList@@UEAAEQEAX@Z
- ?Remove@CList@@UEAAEQEAX@Z
- ?Remove@CLockList@@UEAAEQEAX@Z
- ?Remove@CNoLockList@@UEAAEQEAX@Z
- ?RemoveHead@CList@@UEAAPEAXXZ
- ?RemoveHead@CLockList@@UEAAPEAXXZ
- ?RemoveHead@CNoLockList@@UEAAPEAXXZ
- ?RemoveTail@CList@@UEAAPEAXXZ
- ?RemoveTail@CLockList@@UEAAPEAXXZ
- ?RemoveTail@CNoLockList@@UEAAPEAXXZ
- ?Reset@CKEvent@@QEAAXXZ
- ?ResetData@CInclusionExtConfig@@QEAAXXZ
- ?ResetData@CInclusionFileNameConfig@@QEAAXXZ
- ?ResetData@CInclusionFilePathConfig@@QEAAXXZ
- ?ResetData@CInclusionFolderConfig@@QEAAXXZ
- ?RestoreCR0@@YAXPEAX@Z
- ?Run@CAutoUpdateConfigThread@@UEAAXXZ
- ?Run@CDelayLoadThread@@UEAAXXZ
- ?Run@CWorkerThread@@UEAAXXZ
- ?SeekToEnd@CFile@@QEAAJXZ
- ?Set@CKEvent@@QEAAJJE@Z
- ?SetAttributes@CFile@@QEAAJK@Z
- ?SetBlobCofig@CContext@@UEAAJKPEAXK@Z
- ?SetData@CBlobConfig@@QEAAHPEAXK@Z
- ?SetData@CModuleFileExtConfig@@QEAAHPEBG@Z
- ?SetData@CModuleFlagConfig@@QEAAHK@Z
- ?SetData@CModuleMultiStringConfig@@QEAAHPEBGK@Z
- ?SetData@CModuleStringConfig@@QEAAHPEBG@Z
- ?SetEngineContext@CContext@@QEAAXPEAX@Z
- ?SetFileExtensionConfig@CContext@@UEAAJKPEBG@Z
- ?SetFlagConfig@CContext@@UEAAJKK@Z
- ?SetLinkContext@CContext@@QEAAXPEAX@Z
- ?SetLogFlag@CDebugLog@@QEAAEK@Z
- ?SetLogFlag@CDebugLogEx@@QEAAEK@Z
- ?SetMatchAllExtensions@CFileExtension@@QEAAXE@Z
- ?SetMatchNoExtensions@CFileExtension@@QEAAXE@Z
- ?SetMultiStringConfig@CContext@@UEAAJKPEBG@Z
- ?SetNewJobItemEvent@CWorkerThreadJobQueue@@QEAAXXZ
- ?SetPriority@CSystemThread@@QEAAXK@Z
- ?SetStopUse@CContext@@QEAAXXZ
- ?SetStringConfig@CContext@@UEAAJKPEBG@Z
- ?Setup@CSystemThread@@MEAAXXZ
- ?StopUse@CContext@@QEAAHXZ
- ?TearDown@CSystemThread@@MEAAXXZ
- ?Terminate@CSystemThread@@QEAAXE@Z
- ?Terminate@CWorkerThreadPool@@QEAAEXZ
- ?Terminate@CWorkerThreadPoolEx@@QEAAEXZ
- ?TmExceptionFilter@@YAJPEAU_EXCEPTION_POINTERS@@@Z
- ?Wait@CKEvent@@QEAAJPEAT_LARGE_INTEGER@@E@Z
- ?WaitFinish@CWorkerThreadJob@@QEAAXXZ
- ?WaitForInit@CDelayLoadThread@@QEAAEXZ
- ?WaitForLoad@CDelayLoadThread@@QEAAEXZ
- ?WaitNewJobAvailable@CWorkerThreadJobQueue@@QEAAEXZ
- ?WaitQueueEmpty@CWorkerThreadJobQueue@@QEAAXXZ
- ?Write@CDebugLog@@QEAAXPEBDZZ
- ?Write@CDebugLogEx@@QEAAXPEBDZZ
- ?Write@CFile@@QEAAJPEADKPEAT_LARGE_INTEGER@@PEAK@Z
- ?WriteDataToFile@CDebugLogEx@@IEAAXPEADK@Z
- ?WriteDataToProcMonW@CDebugLogEx@@IEAAXPEAD@Z
- ?WriteSystemInformation@CDebugLog@@QEAAXXZ
- ?WriteSystemInformation@CDebugLogEx@@QEAAXXZ
- ?WriteSystemStringInformation@CDebugLog@@IEAAXPEBG@Z
- ?WriteSystemStringInformation@CDebugLogEx@@IEAAXPEBG@Z
- ?WriteToFile@CDebugLog@@IEAAXPEADK@Z
- ?WriteToProcMonW@CDebugLogEx@@IEAAXPEAU_UNICODE_STRING@@@Z
- ?_pNonPagedAllocator@@3PEAVCMemoryAllocator@@EA
- ?_pPagedAllocator@@3PEAVCMemoryAllocator@@EA
- ?m_lpInstance@CWorkerThreadPool@@1PEAV1@EA
- ?m_lpRCMInstance@CWorkerThreadPool@@1PEAV1@EA
- AllocFullFileName
- DeInitKm2UmCommunication
- DeInitKmLPC
- DuplicateFullFileName
- FreeFullFileName
- GetKm2UmMode
- GetModuleInfoByAddress
- GetModuleInfoByModuleName
- InitKm2UmCommunication
- InitKmLPC
- IsVerifierCodeCheckFlagOn
- IsWindows8_1_update
- KmCallUm
- KmCallUmByLPC
- KmCallUmEx
- KmCleanupCommPortAPIs
- KmGetUmInitProcess
- KmSetBackupCommPortAPIs
- KmSetCommPortAPIs
- ModGetExportProcAddress
- ModLoadDLLToBuffer
- ModLoadDLLToBufferWithImageSize
- ModLoadModule
- ModUnLoadModule
- NormalizeFileName
- NormalizeFullNtPathToDosName
- TmCommConfigRoutine
- UtilAddDeviceInDriveTable
- UtilAddReparsePointMapping
- UtilCleanFileReadOnly
- UtilCloseExclusiveHandle
- UtilCreateDosFileName
- UtilDeleteFileForce
- UtilGetDeviceObjectName
- UtilGetFileNameFromFileObject
- UtilGetFileObjectForProcessByEPROC
- UtilGetFileObjectFromFileName
- UtilGetProcessName
- UtilGetSystemDirectory
- UtilGetSystemDirectoryEx
- UtilGetSystemDirectoryLength
- UtilGetSystemTime
- UtilIoSetFileInfo
- UtilIopCreateFileIRP
- UtilKeGetLowFileDevice
- UtilModuleIATHook
- UtilModuleIATUnHook
- UtilPostJobToWorkerThread
- UtilQueryExclusiveHandle
- UtilQueryKeyValue
- UtilRemoveDeviceFromDriveTable
- UtilVolumeDeviceToDosName
- UtilWaitValueChangeToZero
- UtilWriteVersionToRegistry
- UtilbuildDynamicDiskMappingTable
- UtlWriteBinValueKeyToRegistry
- ValidateAddressWithSize
- _ResetProtectFromClose
- _UtilDosPathNameToNtPathName
Sections
Expand
- .text
- .rdata
- .data
- .pdata
- .gfids
- PAGE
- .edata
- INIT
- .rsrc
- .reloc
Signature
Expand
{
"Certificates": [
{
"IsCertificateAuthority": true,
"SerialNumber": "7e93ebfb7cc64e59ea4b9a77d406fc3b",
"Signature": "03099b8f79ef7f5930aaef68b5fae3091dbb4f82065d375fa6529f168dea1c9209446ef56deb587c30e8f9698d23730b126f47a9ae3911f82ab19bb01ac38eeb599600adce0c4db2d031a6085c2a7afce27a1d574ca86518e979406225966ec7c7376a8321088e41eaddd9573f1d7749872a16065ea6386a2212a35119837eb6",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services CA , G2",
"TBS": {
"MD5": "d0785ad36e427c92b19f6826ab1e8020",
"SHA1": "365b7a9c21bd9373e49052c3e7b3e4646ddd4d43",
"SHA256": "c2abb7484da91a658548de089d52436175fdb760a1387d225611dc0613a1e2ff",
"SHA384": "eab4fe5ef90e0de4a6aa3a27769a5e879f588df5e4785aa4104debd1f81e19ea56d33e3a16e5facf99f68b5d8e3d287b"
},
"ValidFrom": "2012-12-21 00:00:00",
"ValidTo": "2020-12-30 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "0ecff438c8febf356e04d86a981b1a50",
"Signature": "783bb4912a004cf08f62303778a38427076f18b2de25dca0d49403aa864e259f9a40031cddcee379cb216806dab632b46dbff42c266333e449646d0de6c3670ef705a4356c7c8916c6e9b2dfb2e9dd20c6710fcd9574dcb65cdebd371f4378e678b5cd280420a3aaf14bc48829910e80d111fcdd5c766e4f5e0e4546416e0db0ea389ab13ada097110fc1c79b4807bac69f4fd9cb60c162bf17f5b093d9b5be216ca13816d002e380da8298f2ce1b2f45aa901af159c2c2f491bdb22bbc3fe789451c386b182885df03db451a179332b2e7bb9dc20091371eb6a195bcfe8a530572c89493fb9cf7fc9bf3e226863539abd6974acc51d3c7f92e0c3bc1cd80475",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=Symantec Corporation, CN=Symantec Time Stamping Services Signer , G4",
"TBS": {
"MD5": "e9d38360b914c8863f6cba3ee58764d3",
"SHA1": "4cba8eae47b6bf76f20b3504b98b8f062694a89b",
"SHA256": "88901d86a4cc1f1bb193d08e1fb63d27452e63f83e228c657ab1a92e4ade3976",
"SHA384": "e9f2a75334a9e336c5a4712eadee88d0374b0fdc273262f4e65c9040ad2793067cc076696db5279a478773485e285652"
},
"ValidFrom": "2012-10-18 00:00:00",
"ValidTo": "2020-12-29 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": false,
"SerialNumber": "497c4fad471540e6e453d0cafb155740",
"Signature": "f3b20c020c826fd9e2629408ffc97c9e245959d1050c9ce7708069d366d26af191812e16fce674eaca0d8f05b2a796280831737299800d2bfe0071efecf655117b7952a4d7c0701b97de034a1d42e928fd1a2082b081f9d22e9d39af3233cf05c1e61ae1f8fbfec872e78d9a0b29b4f147f1a053d1757a824601df2bb07c75c591fe7efbaf0021764b90cd446f85f80d14bc2cd42c83edfa7d2510f8f94c82d1b3ea999b1cff9093291977c7e996dc32904d3934f167077684ff76aa5327654a0bd7223d9d67657b47c5b46012dca6723d89e7fa051b3380d0c4977b9df537e75da3186ab149b27c089715a01bd695f408f7ded66bfbe920d27a6f6a7d4cc8b3",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=TW, ST=Taiwan, L=Taipei, O=Trend Micro, Inc., CN=Trend Micro, Inc.",
"TBS": {
"MD5": "78eaa337666217b1c16a9a0ebd0b8434",
"SHA1": "ff9cb835e78f6185eed4372096c3bae53b17d18d",
"SHA256": "1c0d9746725e176b4a7c2852878f14d7587f58e65d346bc1247f1c8ee6374250",
"SHA384": "ffe3c75b860679a5de399c7d2c2844dbfac51d5d8581e24648d208daba1e4bed5c867808e02dc8d7cb3df1d4b2b53d10"
},
"ValidFrom": "2017-04-27 00:00:00",
"ValidTo": "2018-07-16 23:59:59",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "611993e400000000001c",
"Signature": "812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5",
"TBS": {
"MD5": "78a717e082dcc1cda3458d917e677d14",
"SHA1": "4a872e0e51f9b304469cd1dedb496ee9b8b983a4",
"SHA256": "317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8",
"SHA384": "b71052da4eb9157c8c1a5d7f55df19d69b9128598b72fcca608e5b7cc7d64c43c5504b9c86355a6dc22ee40c88cc385c"
},
"ValidFrom": "2011-02-22 19:25:17",
"ValidTo": "2021-02-22 19:35:17",
"Version": 3
},
{
"IsCertificateAuthority": true,
"SerialNumber": "5200e5aa2556fc1a86ed96c9d44b33c7",
"Signature": "5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3",
"SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
"Subject": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"TBS": {
"MD5": "b30c31a572b0409383ed3fbe17e56e81",
"SHA1": "4843a82ed3b1f2bfbee9671960e1940c942f688d",
"SHA256": "03cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9",
"SHA384": "bbda8407c4f9fc4e54d772f1c7fb9d30bc97e1f97ecd51c443063d1fa0644e266328781776cd5c44896c457c75f4d7da"
},
"ValidFrom": "2010-02-08 00:00:00",
"ValidTo": "2020-02-07 23:59:59",
"Version": 3
}
],
"CertificatesInfo": "",
"Signer": [
{
"Issuer": "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA",
"SerialNumber": "497c4fad471540e6e453d0cafb155740",
"Version": 1
}
],
"SignerInfo": ""
}
last_updated: 2024-04-09