Connected to Windows XP 2600 x86 compatible target at (Fri Dec 19 04:33:17.149 2025 (UTC - 9:00)), ptr64 FALSE Kernel Debugger connection established. Symbol search path is: C:\msvc_pdb_xp_sp3 Executable search path is: Windows XP Kernel Version 2600 UP Free x86 compatible Built by: 2600.xpsp.080413-2111 Machine Name: Kernel base = 0x80400000 PsLoadedModuleList = 0x804841c0 System Uptime: not available SMSS: !!! MiniNT Boot !!! Break instruction exception - code 80000003 (first chance) ******************************************************************************* * * * You are seeing this message because you pressed either * * CTRL+C (if you run kd.exe) or, * * CTRL+BREAK (if you run WinDBG), * * on your debugger machine's keyboard. * * * * THIS IS NOT A BUG OR A SYSTEM CRASH * * * * If you did not intend to break into the debugger, press the "g" key, then * * press the "Enter" key now. This message might immediately reappear. If it * * does, press "g" and "Enter" again. * * * ******************************************************************************* nt!RtlpBreakWithStatusInstruction: 8040c592 cc int 3 kd> .reload Connected to Windows XP 2600 x86 compatible target at (Fri Dec 19 04:34:47.794 2025 (UTC - 9:00)), ptr64 FALSE Loading Kernel Symbols ............................................... Loading User Symbols ...................... Loading unloaded module list ................................................... kd> bp vmx_svga+0xce0a *** ERROR: Module load completed but symbols could not be loaded for vmx_svga.sys kd> g Breakpoint 0 hit vmx_svga+0xce0a: f79a9e0a e8f93bffff call vmx_svga+0xa08 (f799da08) kd> t vmx_svga+0xa08: f799da08 8bff mov edi,edi kd> bd 0 kd> p 400 vmx_svga+0xa0a: f799da0a 55 push ebp vmx_svga+0xa0b: f799da0b 8bec mov ebp,esp vmx_svga+0xa0d: f799da0d 5d pop ebp vmx_svga+0xa0e: f799da0e ff2584169af7 jmp dword ptr [vmx_svga+0x4684 (f79a1684)] nt!ExFreePoolWithTag: 80474587 8bff mov edi,edi nt!ExFreePoolWithTag+0x2: 80474589 55 push ebp nt!ExFreePoolWithTag+0x3: 8047458a 8bec mov ebp,esp nt!ExFreePoolWithTag+0x5: 8047458c 83ec28 sub esp,28h nt!ExFreePoolWithTag+0x8: 8047458f a080fd4780 mov al,byte ptr [nt!ExpPoolFlags (8047fd80)] nt!ExFreePoolWithTag+0xd: 80474594 a83f test al,3Fh nt!ExFreePoolWithTag+0xf: 80474596 53 push ebx nt!ExFreePoolWithTag+0x10: 80474597 56 push esi nt!ExFreePoolWithTag+0x11: 80474598 57 push edi nt!ExFreePoolWithTag+0x12: 80474599 c645e000 mov byte ptr [ebp-20h],0 nt!ExFreePoolWithTag+0x16: 8047459d 0f85590d0000 jne nt!ExFreePoolWithTag+0x1c (804752fc) nt!ExFreePoolWithTag+0xef: 804745a3 66f74508ff0f test word ptr [ebp+8],0FFFh nt!ExFreePoolWithTag+0xf5: 804745a9 0f8416030000 je nt!ExFreePoolWithTag+0xfb (804748c5) nt!ExFreePoolWithTag+0xfb: 804748c5 ff7508 push dword ptr [ebp+8] nt!ExFreePoolWithTag+0xfe: 804748c8 e8f0aef9ff call nt!MmDeterminePoolType (8040f7bd) nt!ExFreePoolWithTag+0x103: 804748cd 8b3584c84880 mov esi,dword ptr [nt!ExpSessionPoolDescriptor (8048c884)] nt!ExFreePoolWithTag+0x109: 804748d3 8bd8 mov ebx,eax nt!ExFreePoolWithTag+0x10b: 804748d5 83fb21 cmp ebx,21h nt!ExFreePoolWithTag+0x10e: 804748d8 7407 je nt!ExFreePoolWithTag+0x117 (804748e1) nt!ExFreePoolWithTag+0x110: 804748da 8b349d60b74880 mov esi,dword ptr nt!PoolVector (8048b760)[ebx*4] nt!ExFreePoolWithTag+0x117: 804748e1 833d00c8488000 cmp dword ptr [nt!PoolTrackTable (8048c800)],0 nt!ExFreePoolWithTag+0x11e: 804748e8 0f85ea0a0000 jne nt!ExFreePoolWithTag+0x120 (804753d8) nt!ExFreePoolWithTag+0x17d: 804748ee f60601 test byte ptr [esi],1 nt!ExFreePoolWithTag+0x180: 804748f1 0f84b5000000 je nt!ExFreePoolWithTag+0x182 (804749ac) nt!ExFreePoolWithTag+0x1a3: 804748f7 8b4e1c mov ecx,dword ptr [esi+1Ch] nt!ExFreePoolWithTag+0x1a6: 804748fa ff158c064080 call dword ptr [nt!_imp_ExAcquireFastMutex (8040068c)] nt!ExFreePoolWithTag+0x1ac: 80474900 ff7508 push dword ptr [ebp+8] nt!ExFreePoolWithTag+0x1af: 80474903 ff460c inc dword ptr [esi+0Ch] nt!ExFreePoolWithTag+0x1b2: 80474906 e815e3ffff call nt!MiFreePoolPages (80472c20) nt!ExFreePoolWithTag+0x1b7: 8047490b 8bd8 mov ebx,eax nt!ExFreePoolWithTag+0x1b9: 8047490d a080fd4780 mov al,byte ptr [nt!ExpPoolFlags (8047fd80)] nt!ExFreePoolWithTag+0x1be: 80474912 a817 test al,17h nt!ExFreePoolWithTag+0x1c0: 80474914 0f85350b0000 jne nt!ExFreePoolWithTag+0x1c2 (8047544f) nt!ExFreePoolWithTag+0x20a: 8047491a 295e14 sub dword ptr [esi+14h],ebx nt!ExFreePoolWithTag+0x20d: 8047491d f60601 test byte ptr [esi],1 nt!ExFreePoolWithTag+0x210: 80474920 0f84a0000000 je nt!ExFreePoolWithTag+0x212 (804749c6) nt!ExFreePoolWithTag+0x22c: 80474926 8b4e1c mov ecx,dword ptr [esi+1Ch] nt!ExFreePoolWithTag+0x670: 80474929 ff1590064080 call dword ptr [nt!_imp_ExReleaseFastMutex (80400690)] nt!ExFreePoolWithTag+0x676: 8047492f e984fdffff jmp nt!ExFreePoolWithTag+0x676 (804746b8) nt!ExFreePoolWithTag+0x676: 804746b8 5f pop edi nt!ExFreePoolWithTag+0x677: 804746b9 5e pop esi nt!ExFreePoolWithTag+0x678: 804746ba 5b pop ebx nt!ExFreePoolWithTag+0x679: 804746bb c9 leave nt!ExFreePoolWithTag+0x67a: 804746bc c20800 ret 8 vmx_svga+0xce0f: f79a9e0f 8b4604 mov eax,dword ptr [esi+4] vmx_svga+0xce12: f79a9e12 33ff xor edi,edi vmx_svga+0xce14: f79a9e14 c7400410000000 mov dword ptr [eax+4],10h vmx_svga+0xce1b: f79a9e1b e9cb020000 jmp vmx_svga+0xd0eb (f79aa0eb) vmx_svga+0xd0eb: f79aa0eb 8b4604 mov eax,dword ptr [esi+4] vmx_svga+0xd0ee: f79aa0ee 8938 mov dword ptr [eax],edi vmx_svga+0xd0f0: f79aa0f0 b001 mov al,1 vmx_svga+0xd0f2: f79aa0f2 5e pop esi vmx_svga+0xd0f3: f79aa0f3 5f pop edi vmx_svga+0xd0f4: f79aa0f4 5b pop ebx vmx_svga+0xd0f5: f79aa0f5 c9 leave vmx_svga+0xd0f6: f79aa0f6 c20800 ret 8 VIDEOPRT!pVideoPortDispatch+0xabf: f7303729 81ff00022300 cmp edi,230200h VIDEOPRT!pVideoPortDispatch+0xac5: f730372f 751b jne VIDEOPRT!pVideoPortDispatch+0xae2 (f730374c) VIDEOPRT!pVideoPortDispatch+0xae2: f730374c 8b06 mov eax,dword ptr [esi] VIDEOPRT!pVideoPortDispatch+0xae4: f730374e 85c0 test eax,eax VIDEOPRT!pVideoPortDispatch+0xae6: f7303750 0f8427020000 je VIDEOPRT!pVideoPortDispatch+0xd13 (f730397d) VIDEOPRT!pVideoPortDispatch+0xd13: f730397d 8b06 mov eax,dword ptr [esi] VIDEOPRT!pVideoPortDispatch+0xd15: f730397f 8945bc mov dword ptr [ebp-44h],eax VIDEOPRT!pVideoPortDispatch+0xd18: f7303982 8b4588 mov eax,dword ptr [ebp-78h] VIDEOPRT!pVideoPortDispatch+0xd1b: f7303985 6a00 push 0 VIDEOPRT!pVideoPortDispatch+0xd1d: f7303987 ff7058 push dword ptr [eax+58h] VIDEOPRT!pVideoPortDispatch+0xd20: f730398a ff15b4822ff7 call dword ptr [VIDEOPRT!_imp__KeReleaseMutex (f72f82b4)] VIDEOPRT!pVideoPortDispatch+0xd26: f7303990 5f pop edi VIDEOPRT!pVideoPortDispatch+0xd27: f7303991 b803010000 mov eax,103h VIDEOPRT!pVideoPortDispatch+0xd2c: f7303996 3945bc cmp dword ptr [ebp-44h],eax VIDEOPRT!pVideoPortDispatch+0xd2f: f7303999 5e pop esi VIDEOPRT!pVideoPortDispatch+0xd30: f730399a 5b pop ebx VIDEOPRT!pVideoPortDispatch+0xd31: f730399b 740e je VIDEOPRT!pVideoPortDispatch+0xd41 (f73039ab) VIDEOPRT!pVideoPortDispatch+0xd33: f730399d 8b4d98 mov ecx,dword ptr [ebp-68h] VIDEOPRT!pVideoPortDispatch+0xd36: f73039a0 b201 mov dl,1 VIDEOPRT!pVideoPortDispatch+0xd38: f73039a2 ff1588812ff7 call dword ptr [VIDEOPRT!_imp_IofCompleteRequest (f72f8188)] VIDEOPRT!pVideoPortDispatch+0xd3e: f73039a8 8b45bc mov eax,dword ptr [ebp-44h] VIDEOPRT!pVideoPortDispatch+0xd41: f73039ab 8b4dfc mov ecx,dword ptr [ebp-4] VIDEOPRT!pVideoPortDispatch+0xd44: f73039ae e8ff44ffff call VIDEOPRT!__security_check_cookie (f72f7eb2) VIDEOPRT!pVideoPortDispatch+0xd49: f73039b3 c9 leave VIDEOPRT!pVideoPortDispatch+0xd4a: f73039b4 c20800 ret 8 nt!IopfCallDriver+0x31: 8040c7f7 5e pop esi nt!IopfCallDriver+0x32: 8040c7f8 c3 ret win32k!GreDeviceIoControl+0x93: bf85a1ae 3d03010000 cmp eax,103h win32k!GreDeviceIoControl+0x98: bf85a1b3 8945fc mov dword ptr [ebp-4],eax win32k!GreDeviceIoControl+0x9b: bf85a1b6 7412 je win32k!GreDeviceIoControl+0x9d (bf85a1ca) win32k!GreDeviceIoControl+0xb3: bf85a1b8 8b4520 mov eax,dword ptr [ebp+20h] win32k!GreDeviceIoControl+0xb6: bf85a1bb 8b4df8 mov ecx,dword ptr [ebp-8] win32k!GreDeviceIoControl+0xb9: bf85a1be 8908 mov dword ptr [eax],ecx win32k!GreDeviceIoControl+0xbb: bf85a1c0 8b45fc mov eax,dword ptr [ebp-4] win32k!GreDeviceIoControl+0xc5: bf85a1c3 5f pop edi win32k!GreDeviceIoControl+0xc6: bf85a1c4 5e pop esi win32k!GreDeviceIoControl+0xc7: bf85a1c5 5b pop ebx win32k!GreDeviceIoControl+0xc8: bf85a1c6 c9 leave win32k!GreDeviceIoControl+0xc9: bf85a1c7 c21c00 ret 1Ch win32k!EngDeviceIoControl+0x1f: bf85a228 b99a0000c0 mov ecx,0C000009Ah win32k!EngDeviceIoControl+0x24: bf85a22d 3bc1 cmp eax,ecx win32k!EngDeviceIoControl+0x26: bf85a22f 7e11 jle win32k!EngDeviceIoControl+0x28 (bf85a242) win32k!EngDeviceIoControl+0x5e: bf85a231 3dc00000c0 cmp eax,0C00000C0h win32k!EngDeviceIoControl+0x63: bf85a236 74c1 je win32k!EngDeviceIoControl+0x7b (bf85a1f9) win32k!EngDeviceIoControl+0x65: bf85a238 85c0 test eax,eax win32k!EngDeviceIoControl+0x67: bf85a23a 75af jne win32k!EngDeviceIoControl+0x69 (bf85a1eb) win32k!EngDeviceIoControl+0x77: bf85a23c 33c0 xor eax,eax win32k!EngDeviceIoControl+0x7e: bf85a23e 5d pop ebp win32k!EngDeviceIoControl+0x7f: bf85a23f c21c00 ret 1Ch *** ERROR: Module load completed but symbols could not be loaded for vmx_fb.dll vmx_fb+0x23c23: bf9f8c23 5f pop edi vmx_fb+0x23c24: bf9f8c24 c9 leave vmx_fb+0x23c25: bf9f8c25 c20c00 ret 0Ch vmx_fb+0x23e5c: bf9f8e5c ff7714 push dword ptr [edi+14h] vmx_fb+0x23e5f: bf9f8e5f ff15c87ca0bf call dword ptr [vmx_fb+0x32cc8 (bfa07cc8)] vmx_fb+0x23e65: bf9f8e65 6a09 push 9 vmx_fb+0x23e67: bf9f8e67 33c0 xor eax,eax vmx_fb+0x23e69: bf9f8e69 3975fc cmp dword ptr [ebp-4],esi vmx_fb+0x23e6c: bf9f8e6c 59 pop ecx vmx_fb+0x23e6d: bf9f8e6d f3ab rep stos dword ptr es:[edi] vmx_fb+0x23e6f: bf9f8e6f 740d je vmx_fb+0x23e7e (bf9f8e7e) vmx_fb+0x23e7e: bf9f8e7e 33c0 xor eax,eax vmx_fb+0x23e80: bf9f8e80 40 inc eax vmx_fb+0x23e81: bf9f8e81 5f pop edi vmx_fb+0x23e82: bf9f8e82 5e pop esi vmx_fb+0x23e83: bf9f8e83 c9 leave vmx_fb+0x23e84: bf9f8e84 c20400 ret 4 vmx_fb+0x240f5: bf9f90f5 85c0 test eax,eax vmx_fb+0x240f7: bf9f90f7 74ce je vmx_fb+0x240c7 (bf9f90c7) vmx_fb+0x240f9: bf9f90f9 837e08ff cmp dword ptr [esi+8],0FFFFFFFFh vmx_fb+0x240fd: bf9f90fd 742d je vmx_fb+0x2412c (bf9f912c) vmx_fb+0x240ff: bf9f90ff 8b462c mov eax,dword ptr [esi+2Ch] vmx_fb+0x24102: bf9f9102 290584aea0bf sub dword ptr [vmx_fb+0x35e84 (bfa0ae84)],eax vmx_fb+0x24108: bf9f9108 ff7608 push dword ptr [esi+8] vmx_fb+0x2410b: bf9f910b 53 push ebx vmx_fb+0x2410c: bf9f910c e837ffffff call vmx_fb+0x24048 (bf9f9048) vmx_fb+0x24111: bf9f9111 85c0 test eax,eax vmx_fb+0x24113: bf9f9113 7517 jne vmx_fb+0x2412c (bf9f912c) vmx_fb+0x2412c: bf9f912c b001 mov al,1 vmx_fb+0x2412e: bf9f912e ebf6 jmp vmx_fb+0x24126 (bf9f9126) vmx_fb+0x24126: bf9f9126 834e08ff or dword ptr [esi+8],0FFFFFFFFh vmx_fb+0x2412a: bf9f912a eb9d jmp vmx_fb+0x240c9 (bf9f90c9) vmx_fb+0x240c9: bf9f90c9 5e pop esi vmx_fb+0x240ca: bf9f90ca 5b pop ebx vmx_fb+0x240cb: bf9f90cb 5d pop ebp vmx_fb+0x240cc: bf9f90cc c20c00 ret 0Ch vmx_fb+0x24151: bf9f9151 837e1800 cmp dword ptr [esi+18h],0 vmx_fb+0x24155: bf9f9155 7425 je vmx_fb+0x2417c (bf9f917c) vmx_fb+0x24157: bf9f9157 ff750c push dword ptr [ebp+0Ch] vmx_fb+0x2415a: bf9f915a 8d4614 lea eax,[esi+14h] vmx_fb+0x2415d: bf9f915d e8a4fcffff call vmx_fb+0x23e06 (bf9f8e06) vmx_fb+0x24162: bf9f9162 85c0 test eax,eax vmx_fb+0x24164: bf9f9164 7502 jne vmx_fb+0x24168 (bf9f9168) vmx_fb+0x24168: bf9f9168 85ff test edi,edi vmx_fb+0x2416a: bf9f916a 8b06 mov eax,dword ptr [esi] vmx_fb+0x2416c: bf9f916c 7408 je vmx_fb+0x24176 (bf9f9176) vmx_fb+0x24176: bf9f9176 290584aea0bf sub dword ptr [vmx_fb+0x35e84 (bfa0ae84)],eax vmx_fb+0x2417c: bf9f917c 33c0 xor eax,eax vmx_fb+0x2417e: bf9f917e 40 inc eax vmx_fb+0x2417f: bf9f917f 5f pop edi vmx_fb+0x24180: bf9f9180 5e pop esi vmx_fb+0x24181: bf9f9181 5b pop ebx vmx_fb+0x24182: bf9f9182 5d pop ebp vmx_fb+0x24183: bf9f9183 c20c00 ret 0Ch vmx_fb+0x458a: bf9d958a 83f801 cmp eax,1 vmx_fb+0x458d: bf9d958d 740b je vmx_fb+0x459a (bf9d959a) vmx_fb+0x459a: bf9d959a 5e pop esi vmx_fb+0x459b: bf9d959b c9 leave vmx_fb+0x459c: bf9d959c c20400 ret 4 vmx_fb+0x4751: bf9d9751 8365fc00 and dword ptr [ebp-4],0 vmx_fb+0x4755: bf9d9755 8dbb9c010000 lea edi,[ebx+19Ch] vmx_fb+0x475b: bf9d975b 833fff cmp dword ptr [edi],0FFFFFFFFh vmx_fb+0x475e: bf9d975e 7464 je vmx_fb+0x47c4 (bf9d97c4) vmx_fb+0x4760: bf9d9760 8b550c mov edx,dword ptr [ebp+0Ch] vmx_fb+0x4763: bf9d9763 8b87fcfeffff mov eax,dword ptr [edi-104h] vmx_fb+0x4769: bf9d9769 81c2f0140000 add edx,14F0h vmx_fb+0x476f: bf9d976f e8fce0ffff call vmx_fb+0x2870 (bf9d7870) vmx_fb+0x4774: bf9d9774 8bf0 mov esi,eax vmx_fb+0x4776: bf9d9776 85f6 test esi,esi vmx_fb+0x4778: bf9d9778 7438 je vmx_fb+0x47b2 (bf9d97b2) vmx_fb+0x477a: bf9d977a 830fff or dword ptr [edi],0FFFFFFFFh vmx_fb+0x477d: bf9d977d 57 push edi vmx_fb+0x477e: bf9d977e ff75fc push dword ptr [ebp-4] vmx_fb+0x4781: bf9d9781 ff7304 push dword ptr [ebx+4] vmx_fb+0x4784: bf9d9784 ff7508 push dword ptr [ebp+8] vmx_fb+0x4787: bf9d9787 e802980000 call vmx_fb+0xdf8e (bf9e2f8e) vmx_fb+0x478c: bf9d978c ff7508 push dword ptr [ebp+8] vmx_fb+0x478f: bf9d978f e862d4ffff call vmx_fb+0x1bf6 (bf9d6bf6) vmx_fb+0x4794: bf9d9794 8b4e4c mov ecx,dword ptr [esi+4Ch] vmx_fb+0x4797: bf9d9797 85c9 test ecx,ecx vmx_fb+0x4799: bf9d9799 7412 je vmx_fb+0x47ad (bf9d97ad) vmx_fb+0x479b: bf9d979b 894114 mov dword ptr [ecx+14h],eax vmx_fb+0x479e: bf9d979e 8b450c mov eax,dword ptr [ebp+0Ch] vmx_fb+0x47a1: bf9d97a1 8b80cc150000 mov eax,dword ptr [eax+15CCh] vmx_fb+0x47a7: bf9d97a7 ff4934 dec dword ptr [ecx+34h] vmx_fb+0x47aa: bf9d97aa 894118 mov dword ptr [ecx+18h],eax vmx_fb+0x47ad: bf9d97ad ff4e08 dec dword ptr [esi+8] vmx_fb+0x47b0: bf9d97b0 eb12 jmp vmx_fb+0x47c4 (bf9d97c4) vmx_fb+0x47c4: bf9d97c4 ff45fc inc dword ptr [ebp-4] vmx_fb+0x47c7: bf9d97c7 83c70c add edi,0Ch vmx_fb+0x47ca: bf9d97ca 837dfc0a cmp dword ptr [ebp-4],0Ah vmx_fb+0x47ce: bf9d97ce 728b jb vmx_fb+0x475b (bf9d975b) vmx_fb+0x475b: bf9d975b 833fff cmp dword ptr [edi],0FFFFFFFFh vmx_fb+0x475e: bf9d975e 7464 je vmx_fb+0x47c4 (bf9d97c4) vmx_fb+0x47c4: bf9d97c4 ff45fc inc dword ptr [ebp-4] vmx_fb+0x47c7: bf9d97c7 83c70c add edi,0Ch vmx_fb+0x47ca: bf9d97ca 837dfc0a cmp dword ptr [ebp-4],0Ah vmx_fb+0x47ce: bf9d97ce 728b jb vmx_fb+0x475b (bf9d975b) vmx_fb+0x475b: bf9d975b 833fff cmp dword ptr [edi],0FFFFFFFFh vmx_fb+0x475e: bf9d975e 7464 je vmx_fb+0x47c4 (bf9d97c4) vmx_fb+0x4760: bf9d9760 8b550c mov edx,dword ptr [ebp+0Ch] vmx_fb+0x4763: bf9d9763 8b87fcfeffff mov eax,dword ptr [edi-104h] vmx_fb+0x4769: bf9d9769 81c2f0140000 add edx,14F0h vmx_fb+0x476f: bf9d976f e8fce0ffff call vmx_fb+0x2870 (bf9d7870) vmx_fb+0x4774: bf9d9774 8bf0 mov esi,eax vmx_fb+0x4776: bf9d9776 85f6 test esi,esi vmx_fb+0x4778: bf9d9778 7438 je vmx_fb+0x47b2 (bf9d97b2) vmx_fb+0x477a: bf9d977a 830fff or dword ptr [edi],0FFFFFFFFh vmx_fb+0x477d: bf9d977d 57 push edi vmx_fb+0x477e: bf9d977e ff75fc push dword ptr [ebp-4] vmx_fb+0x4781: bf9d9781 ff7304 push dword ptr [ebx+4] vmx_fb+0x4784: bf9d9784 ff7508 push dword ptr [ebp+8] vmx_fb+0x4787: bf9d9787 e802980000 call vmx_fb+0xdf8e (bf9e2f8e) vmx_fb+0x478c: bf9d978c ff7508 push dword ptr [ebp+8] vmx_fb+0x478f: bf9d978f e862d4ffff call vmx_fb+0x1bf6 (bf9d6bf6) vmx_fb+0x4794: bf9d9794 8b4e4c mov ecx,dword ptr [esi+4Ch] vmx_fb+0x4797: bf9d9797 85c9 test ecx,ecx vmx_fb+0x4799: bf9d9799 7412 je vmx_fb+0x47ad (bf9d97ad) vmx_fb+0x479b: bf9d979b 894114 mov dword ptr [ecx+14h],eax vmx_fb+0x479e: bf9d979e 8b450c mov eax,dword ptr [ebp+0Ch] vmx_fb+0x47a1: bf9d97a1 8b80cc150000 mov eax,dword ptr [eax+15CCh] vmx_fb+0x47a7: bf9d97a7 ff4934 dec dword ptr [ecx+34h] vmx_fb+0x47aa: bf9d97aa 894118 mov dword ptr [ecx+18h],eax vmx_fb+0x47ad: bf9d97ad ff4e08 dec dword ptr [esi+8] vmx_fb+0x47b0: bf9d97b0 eb12 jmp vmx_fb+0x47c4 (bf9d97c4) vmx_fb+0x47c4: bf9d97c4 ff45fc inc dword ptr [ebp-4] vmx_fb+0x47c7: bf9d97c7 83c70c add edi,0Ch vmx_fb+0x47ca: bf9d97ca 837dfc0a cmp dword ptr [ebp-4],0Ah vmx_fb+0x47ce: bf9d97ce 728b jb vmx_fb+0x475b (bf9d975b) vmx_fb+0x475b: bf9d975b 833fff cmp dword ptr [edi],0FFFFFFFFh vmx_fb+0x475e: bf9d975e 7464 je vmx_fb+0x47c4 (bf9d97c4) vmx_fb+0x47c4: bf9d97c4 ff45fc inc dword ptr [ebp-4] vmx_fb+0x47c7: bf9d97c7 83c70c add edi,0Ch vmx_fb+0x47ca: bf9d97ca 837dfc0a cmp dword ptr [ebp-4],0Ah vmx_fb+0x47ce: bf9d97ce 728b jb vmx_fb+0x475b (bf9d975b) vmx_fb+0x475b: bf9d975b 833fff cmp dword ptr [edi],0FFFFFFFFh vmx_fb+0x475e: bf9d975e 7464 je vmx_fb+0x47c4 (bf9d97c4) vmx_fb+0x47c4: bf9d97c4 ff45fc inc dword ptr [ebp-4] vmx_fb+0x47c7: bf9d97c7 83c70c add edi,0Ch vmx_fb+0x47ca: bf9d97ca 837dfc0a cmp dword ptr [ebp-4],0Ah vmx_fb+0x47ce: bf9d97ce 728b jb vmx_fb+0x475b (bf9d975b) vmx_fb+0x475b: bf9d975b 833fff cmp dword ptr [edi],0FFFFFFFFh vmx_fb+0x475e: bf9d975e 7464 je vmx_fb+0x47c4 (bf9d97c4) vmx_fb+0x47c4: bf9d97c4 ff45fc inc dword ptr [ebp-4] vmx_fb+0x47c7: bf9d97c7 83c70c add edi,0Ch vmx_fb+0x47ca: bf9d97ca 837dfc0a cmp dword ptr [ebp-4],0Ah vmx_fb+0x47ce: bf9d97ce 728b jb vmx_fb+0x475b (bf9d975b) vmx_fb+0x475b: bf9d975b 833fff cmp dword ptr [edi],0FFFFFFFFh vmx_fb+0x475e: bf9d975e 7464 je vmx_fb+0x47c4 (bf9d97c4) vmx_fb+0x47c4: bf9d97c4 ff45fc inc dword ptr [ebp-4] vmx_fb+0x47c7: bf9d97c7 83c70c add edi,0Ch vmx_fb+0x47ca: bf9d97ca 837dfc0a cmp dword ptr [ebp-4],0Ah vmx_fb+0x47ce: bf9d97ce 728b jb vmx_fb+0x475b (bf9d975b) vmx_fb+0x475b: bf9d975b 833fff cmp dword ptr [edi],0FFFFFFFFh vmx_fb+0x475e: bf9d975e 7464 je vmx_fb+0x47c4 (bf9d97c4) vmx_fb+0x47c4: bf9d97c4 ff45fc inc dword ptr [ebp-4] vmx_fb+0x47c7: bf9d97c7 83c70c add edi,0Ch vmx_fb+0x47ca: bf9d97ca 837dfc0a cmp dword ptr [ebp-4],0Ah vmx_fb+0x47ce: bf9d97ce 728b jb vmx_fb+0x475b (bf9d975b) vmx_fb+0x475b: bf9d975b 833fff cmp dword ptr [edi],0FFFFFFFFh vmx_fb+0x475e: bf9d975e 7464 je vmx_fb+0x47c4 (bf9d97c4) vmx_fb+0x47c4: bf9d97c4 ff45fc inc dword ptr [ebp-4] vmx_fb+0x47c7: bf9d97c7 83c70c add edi,0Ch vmx_fb+0x47ca: bf9d97ca 837dfc0a cmp dword ptr [ebp-4],0Ah vmx_fb+0x47ce: bf9d97ce 728b jb vmx_fb+0x475b (bf9d975b) vmx_fb+0x475b: bf9d975b 833fff cmp dword ptr [edi],0FFFFFFFFh vmx_fb+0x475e: bf9d975e 7464 je vmx_fb+0x47c4 (bf9d97c4) vmx_fb+0x47c4: bf9d97c4 ff45fc inc dword ptr [ebp-4] vmx_fb+0x47c7: bf9d97c7 83c70c add edi,0Ch vmx_fb+0x47ca: bf9d97ca 837dfc0a cmp dword ptr [ebp-4],0Ah vmx_fb+0x47ce: bf9d97ce 728b jb vmx_fb+0x475b (bf9d975b) vmx_fb+0x47d0: bf9d97d0 8365fc00 and dword ptr [ebp-4],0 vmx_fb+0x47d4: bf9d97d4 8db31c010000 lea esi,[ebx+11Ch] vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x47da: bf9d97da 83be04010000ff cmp dword ptr [esi+104h],0FFFFFFFFh vmx_fb+0x47e1: bf9d97e1 747c je vmx_fb+0x485f (bf9d985f) vmx_fb+0x485f: bf9d985f ff45fc inc dword ptr [ebp-4] vmx_fb+0x4862: bf9d9862 83c604 add esi,4 vmx_fb+0x4865: bf9d9865 837dfc20 cmp dword ptr [ebp-4],20h vmx_fb+0x4869: bf9d9869 0f826bffffff jb vmx_fb+0x47da (bf9d97da) vmx_fb+0x486f: bf9d986f 8365fc00 and dword ptr [ebp-4],0 vmx_fb+0x4873: bf9d9873 8dbb10010000 lea edi,[ebx+110h] vmx_fb+0x4879: bf9d9879 83bf04010000ff cmp dword ptr [edi+104h],0FFFFFFFFh vmx_fb+0x4880: bf9d9880 7466 je vmx_fb+0x48e8 (bf9d98e8) vmx_fb+0x48e8: bf9d98e8 ff45fc inc dword ptr [ebp-4] vmx_fb+0x48eb: bf9d98eb 83c704 add edi,4 vmx_fb+0x48ee: bf9d98ee 837dfc03 cmp dword ptr [ebp-4],3 vmx_fb+0x48f2: bf9d98f2 7285 jb vmx_fb+0x4879 (bf9d9879) vmx_fb+0x4879: bf9d9879 83bf04010000ff cmp dword ptr [edi+104h],0FFFFFFFFh vmx_fb+0x4880: bf9d9880 7466 je vmx_fb+0x48e8 (bf9d98e8) vmx_fb+0x4882: bf9d9882 ff75fc push dword ptr [ebp-4] vmx_fb+0x4885: bf9d9885 8b750c mov esi,dword ptr [ebp+0Ch] vmx_fb+0x4888: bf9d9888 e86ff7ffff call vmx_fb+0x3ffc (bf9d8ffc) vmx_fb+0x488d: bf9d988d 8bd0 mov edx,eax vmx_fb+0x488f: bf9d988f 85d2 test edx,edx vmx_fb+0x4891: bf9d9891 7455 je vmx_fb+0x48e8 (bf9d98e8) vmx_fb+0x4893: bf9d9893 8b07 mov eax,dword ptr [edi] vmx_fb+0x4895: bf9d9895 e8d6dfffff call vmx_fb+0x2870 (bf9d7870) vmx_fb+0x489a: bf9d989a ff75fc push dword ptr [ebp-4] vmx_fb+0x489d: bf9d989d 8bf0 mov esi,eax vmx_fb+0x489f: bf9d989f 85f6 test esi,esi vmx_fb+0x48a1: bf9d98a1 7436 je vmx_fb+0x48d9 (bf9d98d9) vmx_fb+0x48a3: bf9d98a3 6aff push 0FFFFFFFFh vmx_fb+0x48a5: bf9d98a5 ff7304 push dword ptr [ebx+4] vmx_fb+0x48a8: bf9d98a8 ff7508 push dword ptr [ebp+8] vmx_fb+0x48ab: bf9d98ab e8889e0000 call vmx_fb+0xe738 (bf9e3738) vmx_fb+0x48b0: bf9d98b0 ff7508 push dword ptr [ebp+8] vmx_fb+0x48b3: bf9d98b3 838f04010000ff or dword ptr [edi+104h],0FFFFFFFFh vmx_fb+0x48ba: bf9d98ba e837d3ffff call vmx_fb+0x1bf6 (bf9d6bf6) vmx_fb+0x48bf: bf9d98bf 8b4e14 mov ecx,dword ptr [esi+14h] vmx_fb+0x48c2: bf9d98c2 894114 mov dword ptr [ecx+14h],eax vmx_fb+0x48c5: bf9d98c5 8b450c mov eax,dword ptr [ebp+0Ch] vmx_fb+0x48c8: bf9d98c8 8b80cc150000 mov eax,dword ptr [eax+15CCh] vmx_fb+0x48ce: bf9d98ce ff4930 dec dword ptr [ecx+30h] vmx_fb+0x48d1: bf9d98d1 894118 mov dword ptr [ecx+18h],eax vmx_fb+0x48d4: bf9d98d4 ff4e08 dec dword ptr [esi+8] vmx_fb+0x48d7: bf9d98d7 eb0f jmp vmx_fb+0x48e8 (bf9d98e8) vmx_fb+0x48e8: bf9d98e8 ff45fc inc dword ptr [ebp-4] vmx_fb+0x48eb: bf9d98eb 83c704 add edi,4 vmx_fb+0x48ee: bf9d98ee 837dfc03 cmp dword ptr [ebp-4],3 vmx_fb+0x48f2: bf9d98f2 7285 jb vmx_fb+0x4879 (bf9d9879) vmx_fb+0x4879: bf9d9879 83bf04010000ff cmp dword ptr [edi+104h],0FFFFFFFFh vmx_fb+0x4880: bf9d9880 7466 je vmx_fb+0x48e8 (bf9d98e8) vmx_fb+0x4882: bf9d9882 ff75fc push dword ptr [ebp-4] vmx_fb+0x4885: bf9d9885 8b750c mov esi,dword ptr [ebp+0Ch] vmx_fb+0x4888: bf9d9888 e86ff7ffff call vmx_fb+0x3ffc (bf9d8ffc) vmx_fb+0x488d: bf9d988d 8bd0 mov edx,eax vmx_fb+0x488f: bf9d988f 85d2 test edx,edx vmx_fb+0x4891: bf9d9891 7455 je vmx_fb+0x48e8 (bf9d98e8) vmx_fb+0x4893: bf9d9893 8b07 mov eax,dword ptr [edi] vmx_fb+0x4895: bf9d9895 e8d6dfffff call vmx_fb+0x2870 (bf9d7870) vmx_fb+0x489a: bf9d989a ff75fc push dword ptr [ebp-4] vmx_fb+0x489d: bf9d989d 8bf0 mov esi,eax vmx_fb+0x489f: bf9d989f 85f6 test esi,esi vmx_fb+0x48a1: bf9d98a1 7436 je vmx_fb+0x48d9 (bf9d98d9) vmx_fb+0x48a3: bf9d98a3 6aff push 0FFFFFFFFh vmx_fb+0x48a5: bf9d98a5 ff7304 push dword ptr [ebx+4] vmx_fb+0x48a8: bf9d98a8 ff7508 push dword ptr [ebp+8] vmx_fb+0x48ab: bf9d98ab e8889e0000 call vmx_fb+0xe738 (bf9e3738) vmx_fb+0x48b0: bf9d98b0 ff7508 push dword ptr [ebp+8] vmx_fb+0x48b3: bf9d98b3 838f04010000ff or dword ptr [edi+104h],0FFFFFFFFh vmx_fb+0x48ba: bf9d98ba e837d3ffff call vmx_fb+0x1bf6 (bf9d6bf6) vmx_fb+0x48bf: bf9d98bf 8b4e14 mov ecx,dword ptr [esi+14h] vmx_fb+0x48c2: bf9d98c2 894114 mov dword ptr [ecx+14h],eax vmx_fb+0x48c5: bf9d98c5 8b450c mov eax,dword ptr [ebp+0Ch] vmx_fb+0x48c8: bf9d98c8 8b80cc150000 mov eax,dword ptr [eax+15CCh] vmx_fb+0x48ce: bf9d98ce ff4930 dec dword ptr [ecx+30h] vmx_fb+0x48d1: bf9d98d1 894118 mov dword ptr [ecx+18h],eax vmx_fb+0x48d4: bf9d98d4 ff4e08 dec dword ptr [esi+8] vmx_fb+0x48d7: bf9d98d7 eb0f jmp vmx_fb+0x48e8 (bf9d98e8) vmx_fb+0x48e8: bf9d98e8 ff45fc inc dword ptr [ebp-4] vmx_fb+0x48eb: bf9d98eb 83c704 add edi,4 vmx_fb+0x48ee: bf9d98ee 837dfc03 cmp dword ptr [ebp-4],3 vmx_fb+0x48f2: bf9d98f2 7285 jb vmx_fb+0x4879 (bf9d9879) vmx_fb+0x48f4: bf9d98f4 8b4304 mov eax,dword ptr [ebx+4] vmx_fb+0x48f7: bf9d98f7 83f8ff cmp eax,0FFFFFFFFh vmx_fb+0x48fa: bf9d98fa 5f pop edi vmx_fb+0x48fb: bf9d98fb 7418 je vmx_fb+0x4915 (bf9d9915) vmx_fb+0x48fd: bf9d98fd 50 push eax vmx_fb+0x48fe: bf9d98fe ff7508 push dword ptr [ebp+8] vmx_fb+0x4901: bf9d9901 e808eb0100 call vmx_fb+0x2340e (bf9f840e) vmx_fb+0x4906: bf9d9906 85c0 test eax,eax vmx_fb+0x4908: bf9d9908 740b je vmx_fb+0x4915 (bf9d9915) vmx_fb+0x490a: bf9d990a ff7304 push dword ptr [ebx+4] vmx_fb+0x490d: bf9d990d ff7508 push dword ptr [ebp+8] vmx_fb+0x4910: bf9d9910 e8cb930000 call vmx_fb+0xdce0 (bf9e2ce0) vmx_fb+0x4915: bf9d9915 8b4320 mov eax,dword ptr [ebx+20h] vmx_fb+0x4918: bf9d9918 83f8ff cmp eax,0FFFFFFFFh vmx_fb+0x491b: bf9d991b 7454 je vmx_fb+0x4971 (bf9d9971) vmx_fb+0x491d: bf9d991d 8b7508 mov esi,dword ptr [ebp+8] vmx_fb+0x4920: bf9d9920 50 push eax vmx_fb+0x4921: bf9d9921 56 push esi vmx_fb+0x4922: bf9d9922 e8cb900000 call vmx_fb+0xd9f2 (bf9e29f2) vmx_fb+0x4927: bf9d9927 56 push esi vmx_fb+0x4928: bf9d9928 e847c7ffff call vmx_fb+0x1074 (bf9d6074) vmx_fb+0x492d: bf9d992d 50 push eax vmx_fb+0x492e: bf9d992e 56 push esi vmx_fb+0x492f: bf9d992f e8f0ceffff call vmx_fb+0x1824 (bf9d6824) vmx_fb+0x4934: bf9d9934 8d4318 lea eax,[ebx+18h] vmx_fb+0x4937: bf9d9937 50 push eax vmx_fb+0x4938: bf9d9938 68766d4943 push 43496D76h vmx_fb+0x493d: bf9d993d 56 push esi vmx_fb+0x493e: bf9d993e e8f3f70100 call vmx_fb+0x24136 (bf9f9136) vmx_fb+0x4943: bf9d9943 83f801 cmp eax,1 vmx_fb+0x4946: bf9d9946 7429 je vmx_fb+0x4971 (bf9d9971) vmx_fb+0x4971: bf9d9971 8b450c mov eax,dword ptr [ebp+0Ch] vmx_fb+0x4974: bf9d9974 834b04ff or dword ptr [ebx+4],0FFFFFFFFh vmx_fb+0x4978: bf9d9978 6a00 push 0 vmx_fb+0x497a: bf9d997a ff33 push dword ptr [ebx] vmx_fb+0x497c: bf9d997c 0574150000 add eax,1574h vmx_fb+0x4981: bf9d9981 50 push eax vmx_fb+0x4982: bf9d9982 e883bd0100 call vmx_fb+0x2070a (bf9f570a) vmx_fb+0x4987: bf9d9987 5e pop esi vmx_fb+0x4988: bf9d9988 c9 leave vmx_fb+0x4989: bf9d9989 c20800 ret 8 vmx_fb+0x78c9: bf9dc8c9 5f pop edi vmx_fb+0x78ca: bf9dc8ca 5e pop esi vmx_fb+0x78cb: bf9dc8cb b001 mov al,1 vmx_fb+0x78cd: bf9dc8cd 5b pop ebx vmx_fb+0x78ce: bf9dc8ce 5d pop ebp vmx_fb+0x78cf: bf9dc8cf c21400 ret 14h vmx_fb+0x9048: bf9de048 84c0 test al,al vmx_fb+0x904a: bf9de04a 75a6 jne vmx_fb+0x8ff2 (bf9ddff2) vmx_fb+0x8ff2: bf9ddff2 33c0 xor eax,eax vmx_fb+0x8ff4: bf9ddff4 40 inc eax vmx_fb+0x8ff5: bf9ddff5 5f pop edi vmx_fb+0x8ff6: bf9ddff6 5b pop ebx vmx_fb+0x8ff7: bf9ddff7 5d pop ebp vmx_fb+0x8ff8: bf9ddff8 c20400 ret 4 vmx_fb+0x9135: bf9de135 85c0 test eax,eax vmx_fb+0x9137: bf9de137 0f84b5000000 je vmx_fb+0x91f2 (bf9de1f2) vmx_fb+0x913d: bf9de13d c1ee02 shr esi,2 vmx_fb+0x9140: bf9de140 8d1cb3 lea ebx,[ebx+esi*4] vmx_fb+0x9143: bf9de143 3bdf cmp ebx,edi vmx_fb+0x9145: bf9de145 72a0 jb vmx_fb+0x90e7 (bf9de0e7) vmx_fb+0x9147: bf9de147 8b4508 mov eax,dword ptr [ebp+8] vmx_fb+0x914a: bf9de14a 83781800 cmp dword ptr [eax+18h],0 vmx_fb+0x914e: bf9de14e 745a je vmx_fb+0x91aa (bf9de1aa) vmx_fb+0x9150: bf9de150 8b750c mov esi,dword ptr [ebp+0Ch] vmx_fb+0x9153: bf9de153 81c674150000 add esi,1574h vmx_fb+0x9159: bf9de159 744f je vmx_fb+0x91aa (bf9de1aa) vmx_fb+0x915b: bf9de15b 33db xor ebx,ebx vmx_fb+0x915d: bf9de15d 395e10 cmp dword ptr [esi+10h],ebx vmx_fb+0x9160: bf9de160 7642 jbe vmx_fb+0x91a4 (bf9de1a4) vmx_fb+0x9162: bf9de162 33ff xor edi,edi vmx_fb+0x9164: bf9de164 8b4608 mov eax,dword ptr [esi+8] vmx_fb+0x9167: bf9de167 8b0498 mov eax,dword ptr [eax+ebx*4] vmx_fb+0x916a: bf9de16a 894510 mov dword ptr [ebp+10h],eax vmx_fb+0x916d: bf9de16d 85c0 test eax,eax vmx_fb+0x916f: bf9de16f 742d je vmx_fb+0x919e (bf9de19e) vmx_fb+0x919e: bf9de19e 43 inc ebx vmx_fb+0x919f: bf9de19f 3b5e10 cmp ebx,dword ptr [esi+10h] vmx_fb+0x91a2: bf9de1a2 72be jb vmx_fb+0x9162 (bf9de162) vmx_fb+0x91a4: bf9de1a4 8b36 mov esi,dword ptr [esi] vmx_fb+0x91a6: bf9de1a6 85f6 test esi,esi vmx_fb+0x91a8: bf9de1a8 75b1 jne vmx_fb+0x915b (bf9de15b) vmx_fb+0x91aa: bf9de1aa 8b4508 mov eax,dword ptr [ebp+8] vmx_fb+0x91ad: bf9de1ad 83781800 cmp dword ptr [eax+18h],0 vmx_fb+0x91b1: bf9de1b1 7425 je vmx_fb+0x91d8 (bf9de1d8) vmx_fb+0x91b3: bf9de1b3 8b550c mov edx,dword ptr [ebp+0Ch] vmx_fb+0x91b6: bf9de1b6 81c2a0150000 add edx,15A0h vmx_fb+0x91bc: bf9de1bc 33c0 xor eax,eax vmx_fb+0x91be: bf9de1be 40 inc eax vmx_fb+0x91bf: bf9de1bf e8ac96ffff call vmx_fb+0x2870 (bf9d7870) vmx_fb+0x91c4: bf9de1c4 85c0 test eax,eax vmx_fb+0x91c6: bf9de1c6 7410 je vmx_fb+0x91d8 (bf9de1d8) vmx_fb+0x91c8: bf9de1c8 8b404c mov eax,dword ptr [eax+4Ch] vmx_fb+0x91cb: bf9de1cb 8b401c mov eax,dword ptr [eax+1Ch] vmx_fb+0x91ce: bf9de1ce c7808804000000000000 mov dword ptr [eax+488h],0 vmx_fb+0x91d8: bf9de1d8 8b750c mov esi,dword ptr [ebp+0Ch] vmx_fb+0x91db: bf9de1db 8b7d08 mov edi,dword ptr [ebp+8] vmx_fb+0x91de: bf9de1de e80bd5ffff call vmx_fb+0x66ee (bf9db6ee) vmx_fb+0x91e3: bf9de1e3 33c0 xor eax,eax vmx_fb+0x91e5: bf9de1e5 eb2e jmp vmx_fb+0x9215 (bf9de215) vmx_fb+0x9215: bf9de215 e8a7bc0100 call vmx_fb+0x24ec1 (bf9f9ec1) vmx_fb+0x921a: bf9de21a c20c00 ret 0Ch vmx_fb+0x96fb: bf9de6fb 3b35bcceb9bf cmp esi,dword ptr [vmx_fb+0x1c7ebc (bfb9cebc)] vmx_fb+0x9701: bf9de701 8b7d1c mov edi,dword ptr [ebp+1Ch] vmx_fb+0x9704: bf9de704 8907 mov dword ptr [edi],eax vmx_fb+0x9706: bf9de706 740b je vmx_fb+0x9713 (bf9de713) vmx_fb+0x9713: bf9de713 83bb6818000000 cmp dword ptr [ebx+1868h],0 vmx_fb+0x971a: bf9de71a 7428 je vmx_fb+0x9744 (bf9de744) vmx_fb+0x9744: bf9de744 5e pop esi vmx_fb+0x9745: bf9de745 b001 mov al,1 vmx_fb+0x9747: bf9de747 5b pop ebx vmx_fb+0x9748: bf9de748 eb0b jmp vmx_fb+0x9755 (bf9de755) vmx_fb+0x9755: bf9de755 5f pop edi vmx_fb+0x9756: bf9de756 5d pop ebp vmx_fb+0x9757: bf9de757 c21800 ret 18h vmx_fb+0x991b: bf9de91b 8b4d20 mov ecx,dword ptr [ebp+20h] vmx_fb+0x991e: bf9de91e 0fbec0 movsx eax,al vmx_fb+0x9921: bf9de921 8901 mov dword ptr [ecx],eax vmx_fb+0x9923: bf9de923 e969ffffff jmp vmx_fb+0x9891 (bf9de891) vmx_fb+0x9891: bf9de891 e8e095ffff call vmx_fb+0x2e76 (bf9d7e76) vmx_fb+0x9896: bf9de896 ebc3 jmp vmx_fb+0x985b (bf9de85b) vmx_fb+0x985b: bf9de85b b001 mov al,1 vmx_fb+0x985d: bf9de85d e9cc000000 jmp vmx_fb+0x992e (bf9de92e) vmx_fb+0x992e: bf9de92e 5f pop edi vmx_fb+0x992f: bf9de92f 5e pop esi vmx_fb+0x9930: bf9de930 5b pop ebx vmx_fb+0x9931: bf9de931 c9 leave vmx_fb+0x9932: bf9de932 c21c00 ret 1Ch vmx_fb+0x1efbe: bf9f3fbe ebc6 jmp vmx_fb+0x1ef86 (bf9f3f86) vmx_fb+0x1ef86: bf9f3f86 84c0 test al,al vmx_fb+0x1ef88: bf9f3f88 7436 je vmx_fb+0x1efc0 (bf9f3fc0) vmx_fb+0x1ef8a: bf9f3f8a 8b4508 mov eax,dword ptr [ebp+8] vmx_fb+0x1ef8d: bf9f3f8d eb33 jmp vmx_fb+0x1efc2 (bf9f3fc2) vmx_fb+0x1efc2: bf9f3fc2 5e pop esi vmx_fb+0x1efc3: bf9f3fc3 5d pop ebp vmx_fb+0x1efc4: bf9f3fc4 c21800 ret 18h win32k!PDEVOBJ::Escape+0x37: bf8818ae 837dfc00 cmp dword ptr [ebp-4],0 win32k!PDEVOBJ::Escape+0x3b: bf8818b2 8bf8 mov edi,eax win32k!PDEVOBJ::Escape+0x3d: bf8818b4 7508 jne win32k!PDEVOBJ::Escape+0x3f (bf8818be) win32k!PDEVOBJ::Escape+0x45: bf8818b6 8bc7 mov eax,edi win32k!PDEVOBJ::Escape+0x47: bf8818b8 5f pop edi win32k!PDEVOBJ::Escape+0x48: bf8818b9 5e pop esi win32k!PDEVOBJ::Escape+0x49: bf8818ba c9 leave win32k!PDEVOBJ::Escape+0x4a: bf8818bb c21800 ret 18h win32k!GreExtEscape+0x4e0: bf881544 8d4df0 lea ecx,[ebp-10h] win32k!GreExtEscape+0x4e3: bf881547 8bf0 mov esi,eax win32k!GreExtEscape+0x4e5: bf881549 e80f30f8ff call win32k!DEVLOCKOBJ::vDestructor (bf80455d) win32k!GreExtEscape+0x4ea: bf88154e 8b4508 mov eax,dword ptr [ebp+8] win32k!GreExtEscape+0x4ed: bf881551 85c0 test eax,eax win32k!GreExtEscape+0x4ef: bf881553 7409 je win32k!GreExtEscape+0x4fa (bf88155e) win32k!GreExtEscape+0x4f1: bf881555 8d4808 lea ecx,[eax+8] win32k!GreExtEscape+0x4f4: bf881558 ff1530cd98bf call dword ptr [win32k!_imp_InterlockedDecrement (bf98cd30)] win32k!GreExtEscape+0x4fa: bf88155e 8bc6 mov eax,esi win32k!GreExtEscape+0x75: bf881560 5f pop edi win32k!GreExtEscape+0x76: bf881561 5e pop esi win32k!GreExtEscape+0x77: bf881562 5b pop ebx win32k!GreExtEscape+0x78: bf881563 c9 leave win32k!GreExtEscape+0x79: bf881564 c21800 ret 18h win32k!NtGdiExtEscape+0x336: bf881b5c 89854cffffff mov dword ptr [ebp-0B4h],eax win32k!NtGdiExtEscape+0x33c: bf881b62 397520 cmp dword ptr [ebp+20h],esi win32k!NtGdiExtEscape+0x33f: bf881b65 7546 jne win32k!NtGdiExtEscape+0x341 (bf881bad) win32k!NtGdiExtEscape+0x341: bf881bad c745fc03000000 mov dword ptr [ebp-4],3 win32k!NtGdiExtEscape+0x348: bf881bb4 ff7520 push dword ptr [ebp+20h] win32k!NtGdiExtEscape+0x34b: bf881bb7 ffb558ffffff push dword ptr [ebp-0A8h] win32k!NtGdiExtEscape+0x351: bf881bbd ffb538ffffff push dword ptr [ebp-0C8h] win32k!NtGdiExtEscape+0x357: bf881bc3 e825f6f9ff call win32k!ProbeAndWriteBuffer (bf8211ed) win32k!NtGdiExtEscape+0x35c: bf881bc8 834dfcff or dword ptr [ebp-4],0FFFFFFFFh win32k!NtGdiExtEscape+0x360: bf881bcc eb99 jmp win32k!NtGdiExtEscape+0x376 (bf881b67) win32k!NtGdiExtEscape+0x376: bf881b67 39b548ffffff cmp dword ptr [ebp-0B8h],esi win32k!NtGdiExtEscape+0x37c: bf881b6d 0f85dbfdffff jne win32k!NtGdiExtEscape+0x37e (bf88194e) win32k!NtGdiExtEscape+0x38a: bf881b73 39b544ffffff cmp dword ptr [ebp-0BCh],esi win32k!NtGdiExtEscape+0x390: bf881b79 0f85e0fdffff jne win32k!NtGdiExtEscape+0x392 (bf88195f) win32k!NtGdiExtEscape+0x3a5: bf881b7f 39b540ffffff cmp dword ptr [ebp-0C0h],esi win32k!NtGdiExtEscape+0x3ab: bf881b85 0f85f0fdffff jne win32k!NtGdiExtEscape+0x3ad (bf88197b) win32k!NtGdiExtEscape+0x3c0: bf881b8b 39b53cffffff cmp dword ptr [ebp-0C4h],esi win32k!NtGdiExtEscape+0x3c6: bf881b91 0f8500feffff jne win32k!NtGdiExtEscape+0x3c8 (bf881997) win32k!NtGdiExtEscape+0x3db: bf881b97 8b854cffffff mov eax,dword ptr [ebp-0B4h] win32k!NtGdiExtEscape+0x3e1: bf881b9d 8b4de4 mov ecx,dword ptr [ebp-1Ch] win32k!NtGdiExtEscape+0x3e4: bf881ba0 e824f5f7ff call win32k!__security_check_cookie (bf8010c9) win32k!NtGdiExtEscape+0x3e9: bf881ba5 e899f0f7ff call win32k!_SEH_epilog (bf800c43) win32k!NtGdiExtEscape+0x3ee: bf881baa c22000 ret 20h nt!KiFastCallEntry+0xf8: 804077ec 8be5 mov esp,ebp nt!KiFastCallEntry+0xfa: 804077ee 8b0d24f1dfff mov ecx,dword ptr ds:[0FFDFF124h] nt!KiFastCallEntry+0x100: 804077f4 8b553c mov edx,dword ptr [ebp+3Ch] nt!KiFastCallEntry+0x103: 804077f7 899134010000 mov dword ptr [ecx+134h],edx nt!KiServiceExit: 804077fd fa cli nt!KiServiceExit+0x1: 804077fe f7457000000200 test dword ptr [ebp+70h],20000h nt!KiServiceExit+0x8: 80407805 7506 jne nt!KiServiceExit+0x10 (8040780d) nt!KiServiceExit+0xa: 80407807 f6456c01 test byte ptr [ebp+6Ch],1 nt!KiServiceExit+0xe: 8040780b 7457 je nt!KiServiceExit+0x67 (80407864) nt!KiServiceExit+0x10: 8040780d 8b1d24f1dfff mov ebx,dword ptr ds:[0FFDFF124h] nt!KiServiceExit+0x16: 80407813 c6432e00 mov byte ptr [ebx+2Eh],0 nt!KiServiceExit+0x1a: 80407817 807b4a00 cmp byte ptr [ebx+4Ah],0 nt!KiServiceExit+0x1e: 8040781b 7447 je nt!KiServiceExit+0x67 (80407864) nt!KiServiceExit+0x67: 80407864 8b54244c mov edx,dword ptr [esp+4Ch] nt!KiServiceExit+0x6b: 80407868 648b1d50000000 mov ebx,dword ptr fs:[50h] nt!KiServiceExit+0x72: 8040786f 64891500000000 mov dword ptr fs:[0],edx nt!KiServiceExit+0x79: 80407876 8b4c2448 mov ecx,dword ptr [esp+48h] nt!KiServiceExit+0x7d: 8040787a 648b3524010000 mov esi,dword ptr fs:[124h] nt!KiServiceExit+0x84: 80407881 888e40010000 mov byte ptr [esi+140h],cl nt!KiServiceExit+0x8a: 80407887 f7c3ff000000 test ebx,0FFh nt!KiServiceExit+0x90: 8040788d 7579 jne nt!KiSystemCallExit2+0x17 (80407908) nt!KiServiceExit+0x92: 8040788f f744247000000200 test dword ptr [esp+70h],20000h nt!KiServiceExit+0x9a: 80407897 0f85eb080000 jne nt!KiExceptionExit+0x12c (80408188) nt!KiServiceExit+0xa0: 8040789d 66f744246cf8ff test word ptr [esp+6Ch],0FFF8h nt!KiServiceExit+0xa7: 804078a4 0f84b4000000 je nt!KiSystemCallExit2+0x6d (8040795e) nt!KiServiceExit+0xad: 804078aa 66837c246c1b cmp word ptr [esp+6Ch],1Bh nt!KiServiceExit+0xb3: 804078b0 660fba64246c00 bt word ptr [esp+6Ch],0 nt!KiServiceExit+0xba: 804078b7 f5 cmc nt!KiServiceExit+0xbb: 804078b8 0f878e000000 ja nt!KiSystemCallExit2+0x5b (8040794c) nt!KiServiceExit+0xc1: 804078be 66837d6c08 cmp word ptr [ebp+6Ch],8 nt!KiServiceExit+0xc6: 804078c3 7405 je nt!KiServiceExit+0xcd (804078ca) nt!KiServiceExit+0xc8: 804078c5 8d6550 lea esp,[ebp+50h] nt!KiServiceExit+0xcb: 804078c8 0fa1 pop fs nt!KiServiceExit+0xcd: 804078ca 8d6554 lea esp,[ebp+54h] nt!KiServiceExit+0xd0: 804078cd 5f pop edi nt!KiServiceExit+0xd1: 804078ce 5e pop esi nt!KiServiceExit+0xd2: 804078cf 5b pop ebx nt!KiServiceExit+0xd3: 804078d0 5d pop ebp nt!KiServiceExit+0xd4: 804078d1 66817c24088000 cmp word ptr [esp+8],80h nt!KiServiceExit+0xdb: 804078d8 0f87c6080000 ja nt!KiExceptionExit+0x148 (804081a4) nt!KiServiceExit+0xe1: 804078de 83c404 add esp,4 nt!KiServiceExit+0xe4: 804078e1 f744240401000000 test dword ptr [esp+4],1 nt!KiSystemCallExitBranch: 804078e9 7506 jne nt!KiSystemCallExit2 (804078f1) nt!KiSystemCallExit2: 804078f1 f644240901 test byte ptr [esp+9],1 nt!KiSystemCallExit2+0x5: 804078f6 75f8 jne nt!KiSystemCallExit (804078f0) nt!KiSystemCallExit2+0x7: 804078f8 5a pop edx nt!KiSystemCallExit2+0x8: 804078f9 83c404 add esp,4 nt!KiSystemCallExit2+0xb: 804078fc 80642401fd and byte ptr [esp+1],0FDh nt!KiSystemCallExit2+0x10: 80407901 9d popfd nt!KiSystemCallExit2+0x11: 80407902 59 pop ecx nt!KiSystemCallExit2+0x12: 80407903 fb sti nt!KiSystemCallExit2+0x13: 80407904 0f35 sysexit ntdll!KiFastSystemCallRet: 001b:7c90e4f4 c3 ret GDI32!NtGdiExtEscape+0xc: 001b:77f1c573 c22000 ret 20h GDI32!ExtEscape+0x37e: 001b:77f1c553 8b4dfc mov ecx,dword ptr [ebp-4] GDI32!ExtEscape+0x381: 001b:77f1c556 5f pop edi GDI32!ExtEscape+0x382: 001b:77f1c557 5e pop esi GDI32!ExtEscape+0x383: 001b:77f1c558 5b pop ebx GDI32!ExtEscape+0x384: 001b:77f1c559 e8deb9ffff call GDI32!__security_check_cookie (77f17f3c) GDI32!ExtEscape+0x389: 001b:77f1c55e c9 leave GDI32!ExtEscape+0x38a: 001b:77f1c55f c21800 ret 18h *** ERROR: Module load completed but symbols could not be loaded for vmwogl32.dll vmwogl32+0x12a3: 001b:100012a3 83c42c add esp,2Ch vmwogl32+0x12a6: 001b:100012a6 c3 ret vmwogl32+0x203d: 001b:1000203d 83c410 add esp,10h vmwogl32+0x2040: 001b:10002040 57 push edi vmwogl32+0x2041: 001b:10002041 ff1594208c10 call dword ptr [vmwogl32+0x8c2094 (108c2094)] vmwogl32+0x2047: 001b:10002047 57 push edi vmwogl32+0x2048: 001b:10002048 ff1598208c10 call dword ptr [vmwogl32+0x8c2098 (108c2098)] watchdog!WdUpdateRecoveryState: Recovery enabled.