SyDr
>> SetProcessDEPPolicy: DEP was turned off
>> InstallHook: Installing NtQueryAttributesFile hook
>> InstallHook: Installing NtQueryFullAttributesFile hook
>> InstallHook: Installing NtOpenFile hook
>> InstallHook: Installing NtCreateFile hook
>> InstallHook: Installing NtClose hook
>> InstallHook: Installing NtQueryDirectoryFile hook
>> TestGetFileAttributes: Started
>> [ENTER] NtQueryAttributesFile: Dir: 0.
Path: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\non-existing.non"
>> [LEAVE] NtQueryAttributesFile: Result: C0000034. Attrs: 0x76B3CD0E.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\non-existing.non"
Redirected: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\non-existing.non"
>> [ENTER] NtQueryAttributesFile: Dir: 0.
Path: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\Hobbots\mms.cfg"
>> [LEAVE] NtQueryAttributesFile: Result: 0. Attrs: 0x20.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\Hobbots\mms.cfg"
Redirected: "C:\Users\sydr1\Desktop\x\Tests\Fs\Mods\FullyVirtual_2\Hobbots\mms.cfg"
>> [ENTER] NtQueryAttributesFile: Dir: 0.
Path: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\503.html"
>> [LEAVE] NtQueryAttributesFile: Result: 0. Attrs: 0x20.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\503.html"
Redirected: "C:\Users\sydr1\Desktop\x\Tests\Fs\Mods\Apache\503.html"
>> [ENTER] NtQueryAttributesFile: Dir: 0.
Path: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\Hobbots"
>> [LEAVE] NtQueryAttributesFile: Result: 0. Attrs: 0x10.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\Hobbots"
Redirected: "C:\Users\sydr1\Desktop\x\Tests\Fs\Mods\FullyVirtual_2\Hobbots"
>> [ENTER] NtQueryAttributesFile: Dir: 0.
Path: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\Mods"
>> [LEAVE] NtQueryAttributesFile: Result: 0. Attrs: 0x10.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\Mods"
Redirected: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\Mods"
>> TestGetFileAttributes: Ended
>> TestGetFileAttributesEx: Started
>> [ENTER] NtQueryFullAttributesFile: Dir: 0.
Path: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\non-existing.non"
>> [LEAVE] NtQueryFullAttributesFile: Result: C0000034. Attrs: 0x0.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\non-existing.non"
Redirected: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\non-existing.non"
>> [ENTER] NtQueryFullAttributesFile: Dir: 0.
Path: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\Hobbots\mms.cfg"
>> [LEAVE] NtQueryFullAttributesFile: Result: 0. Attrs: 0x20.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\Hobbots\mms.cfg"
Redirected: "C:\Users\sydr1\Desktop\x\Tests\Fs\Mods\FullyVirtual_2\Hobbots\mms.cfg"
>> [ENTER] NtQueryFullAttributesFile: Dir: 0.
Path: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\503.html"
>> [LEAVE] NtQueryFullAttributesFile: Result: 0. Attrs: 0x20.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\503.html"
Redirected: "C:\Users\sydr1\Desktop\x\Tests\Fs\Mods\Apache\503.html"
>> [ENTER] NtQueryFullAttributesFile: Dir: 0.
Path: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\default"
>> [LEAVE] NtQueryFullAttributesFile: Result: 0. Attrs: 0x20.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\default"
Redirected: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\default"
>> TestGetFileAttributesEx: Ended
>> TestFilesOpenClose: Started
>> NtOpenFile: \??\C:\Users\sydr1\Desktop\x\Tests\Fs
>> [ENTER] NtCreateFile: Access: 0x100020. CreateDisposition: 0x1
Path: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs"
>> [LEAVE] NtCreateFile: Handle: 298. Status: 0.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs"
Redirected: "C:\Users\sydr1\Desktop\x\Tests\Fs\Mods\FullyVirtual_2"
>> [ENTER] NtClose: Handle: 8C
>> [LEAVE] NtClose: Status: 0
>> [ENTER] NtCreateFile: Access: 0x80100080. CreateDisposition: 0x1
Path: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\non-existing.non"
>> [LEAVE] NtCreateFile: Handle: 0. Status: C0000034.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\non-existing.non"
>> [ENTER] NtCreateFile: Access: 0x80100080. CreateDisposition: 0x1
Path: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\Hobbots\mms.cfg"
>> [LEAVE] NtCreateFile: Handle: 2AC. Status: 0.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\Hobbots\mms.cfg"
Redirected: "C:\Users\sydr1\Desktop\x\Tests\Fs\Mods\FullyVirtual_2\Hobbots\mms.cfg"
>> [ENTER] NtClose: Handle: 2AC
>> [LEAVE] NtClose: Status: 0
>> [ENTER] NtCreateFile: Access: 0x80100080. CreateDisposition: 0x1
Path: "Hobbots\mms.cfg"
>> [LEAVE] NtCreateFile: Handle: 2AC. Status: 0.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\Hobbots\mms.cfg"
Redirected: "C:\Users\sydr1\Desktop\x\Tests\Fs\Mods\FullyVirtual_2\Hobbots\mms.cfg"
>> [ENTER] NtClose: Handle: 2AC
>> [LEAVE] NtClose: Status: 0
>> NtOpenFile: \??\C:\Users\sydr1\Desktop\x\Tests\Fs\Hobbots
>> [ENTER] NtCreateFile: Access: 0x100020. CreateDisposition: 0x1
Path: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\Hobbots"
>> [LEAVE] NtCreateFile: Handle: 2AC. Status: 0.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\Hobbots"
Redirected: "C:\Users\sydr1\Desktop\x\Tests\Fs\Mods\FullyVirtual_2\Hobbots"
>> [ENTER] NtClose: Handle: 298
>> [LEAVE] NtClose: Status: 0
>> [ENTER] NtCreateFile: Access: 0x80100080. CreateDisposition: 0x1
Path: "mms.cfg"
>> [LEAVE] NtCreateFile: Handle: 378. Status: 0.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\Hobbots\mms.cfg"
Redirected: "C:\Users\sydr1\Desktop\x\Tests\Fs\Mods\FullyVirtual_2\Hobbots\mms.cfg"
>> [ENTER] NtClose: Handle: 378
>> [LEAVE] NtClose: Status: 0
>> [ENTER] NtCreateFile: Access: 0x80100080. CreateDisposition: 0x1
Path: "mms.cfg"
>> [LEAVE] NtCreateFile: Handle: 298. Status: 0.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\Hobbots\mms.cfg"
Redirected: "C:\Users\sydr1\Desktop\x\Tests\Fs\Mods\FullyVirtual_2\Hobbots\mms.cfg"
>> NtOpenFile: \??\C:\Users\sydr1\Desktop\x
>> [ENTER] NtCreateFile: Access: 0x100020. CreateDisposition: 0x1
Path: "\??\C:\Users\sydr1\Desktop\x"
>> [LEAVE] NtCreateFile: Handle: 8C. Status: 0.
Expanded: "C:\Users\sydr1\Desktop\x"
>> [ENTER] NtClose: Handle: 2AC
>> [LEAVE] NtClose: Status: 0
>> TestFilesOpenClose: Ended
>> TestDirectoryListing: Started
>> NtOpenFile: \??\C:\Users\sydr1\Desktop\x\Tests\Fs\
>> [ENTER] NtCreateFile: Access: 0x100001. CreateDisposition: 0x1
Path: "\??\C:\Users\sydr1\Desktop\x\Tests\Fs\"
>> [LEAVE] NtCreateFile: Handle: 2AC. Status: 0.
Expanded: "C:\Users\sydr1\Desktop\x\Tests\Fs\"
Redirected: "C:\Users\sydr1\Desktop\x\Tests\Fs\Mods\FullyVirtual_2\"
>> [ENTER] NtClose: Handle: 2AC
>> [LEAVE] NtClose: Status: 0
12.05.2019 20:06